[German] An unpleasant incident at German online retailer brillen.de: due to a configuration error, the data of 3.5 million European customers was openly accessible on the Internet, so anyone could see who had bought glasses there. Following a report, the retailer quietly closed the leak.
Security researchers come across database
The people at Cybernews had already informed me about the data protection incident yesterday, Thursday, October 17, 2024. With data from 3.5 million European customers accessible to third parties, this is a major data leak.
Open Elastic server cluster on the internet
On August 8, 2024, security researchers from Cybernews discovered an Elasticsearch cluster that was reachable from the Internet. Elasticsearch is a search engine that lets users store, search and analyze large amounts of data. Being reachable is not a problem in itself as long as access is protected by user authentication.
In this case, however, authentication was missing, so the data was accessible to anyone on the Internet, and inevitably also to threat actors who constantly scan the Internet for publicly reachable databases.
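The misconfiguration described above comes down to two settings: which interface the node's HTTP listener is bound to and whether authentication is switched on. The following script is an added example, not code from the article, from brillen.de or from Cybernews; it audits an elasticsearch.yml for exactly that combination. The setting names it checks (network.host, http.host, xpack.security.enabled, xpack.security.http.ssl.enabled) are real Elasticsearch settings, the two sample configurations are constructed, and the "HIGH" rule assumes what the Elasticsearch docs state: before version 8.0 the security setting defaulted to off when left unset.

```python
"""Audit an elasticsearch.yml for the exposure described above: a node
bound to a public interface with authentication switched off.
Added example, not code from the article, brillen.de or Cybernews.
The setting names are real Elasticsearch settings; the sample configs
at the bottom are constructed."""

# Bindings that stay on the local machine; anything else is reachable
# from the network (and, depending on firewalling, from the Internet).
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}


def parse_flat_yaml(text):
    """Minimal parser for the flat `key: value` lines elasticsearch.yml
    normally uses, so the script runs without PyYAML. Comments and blank
    lines are ignored; list values are kept as their raw text."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def bound_addresses(settings):
    """Addresses the HTTP layer listens on. http.host overrides network.host;
    both default to loopback, which is why a fresh install is not exposed."""
    value = settings.get("http.host", settings.get("network.host", "_local_"))
    return [h.strip().strip("'\"") for h in value.strip("[]").split(",") if h.strip()]


def audit_elasticsearch_config(text):
    """Return (severity, message) findings, worst first. An empty list means
    no exposure finding for the settings this script checks."""
    s = parse_flat_yaml(text)
    public = [h for h in bound_addresses(s) if h not in LOOPBACK]
    security = s.get("xpack.security.enabled")
    tls = s.get("xpack.security.http.ssl.enabled")
    findings = []

    if public and security == "false":
        findings.append(("CRITICAL",
            f"authentication disabled and HTTP bound to {public}: "
            "every index is readable without credentials"))
    elif public and security is None:
        # Assumption (see lead-in): the setting defaulted to false before
        # 8.0, so an unset value on an older node means no authentication.
        findings.append(("HIGH",
            f"xpack.security.enabled not set while bound to {public}; "
            "on Elasticsearch 7.x and earlier this means no authentication"))
    elif security == "false":
        findings.append(("MEDIUM",
            "authentication disabled; only loopback is bound, so any "
            "port-forward or proxy in front of the node exposes the data"))

    if security == "true" and tls != "true":
        findings.append(("LOW",
            "authentication on, but HTTP TLS off: credentials and data "
            "travel in cleartext"))
    return findings


# Constructed sample resembling the described incident: bound to every
# interface, no authentication.
WEAK_CONFIG = """
cluster.name: shop-search
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Constructed hardened sample: authentication and TLS on, bound only to an
# internal address (placeholder 10.0.0.5) that is not Internet-facing.
HARDENED_CONFIG = """
cluster.name: shop-search
network.host: 10.0.0.5
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_elasticsearch_config(cfg) or "no findings")
```

Run it against your own /etc/elasticsearch/elasticsearch.yml by reading the file and passing its text to `audit_elasticsearch_config`. The binding check is deliberately conservative: a private address such as 10.0.0.5 still counts as "public" to the script, because the only thing standing between such a node and the Internet is the firewall, and the article's case shows what happens when that assumption fails.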
Customer data from brillen.de leaked
A look at the records in the Elasticsearch cluster showed that it belonged to the German online eyewear retailer Brillen (brillen.de). The security researchers found over 3.5 million records containing customer data.
The data leak affected over 3.5 million customers from all over Europe who had ordered something from brillen.de. The data records contained the full names of customers, their addresses, email addresses or (cell) phone numbers, gender and date of birth. Detailed order information, payment amounts and invoice numbers and dates were also included.
In Germany, 2,464,579 customer records were affected. As brillen.de also operates in Spain, 961,000 records of Spanish customers were found, and a further 90,000 records belonged to customers in Austria.
Retailer closes data leak
The security researchers then informed the online retailer brillen.de of their discovery, as they write here. The company reacted immediately by blocking access to the data; the Elasticsearch cluster is no longer reachable from the Internet. However, I have not found any information about a data leak on their website; they have probably corrected it silently.
It is currently unclear how long the cluster was open. The extent of the data leak also remains unclear because it is not known whether and to what extent public search engines have indexed the data. Once the data is indexed, it can be viewed by anyone, which is a goldmine for threat actors. I have not been able to find any hits in a random search.
The German IT news outlet heise asked the data protection officer of brillen.de and the State Commissioner for Data Protection and Freedom of Information of Brandenburg – they don't know anything. The 72-hour reporting period has long since expired.