Giant Ecommerce Company Exposes 1.5 Million Records
For the sixth time this year, we are writing about another major Elasticsearch misconfiguration. Late last week, VPNMentor discovered that Gearbest, a massively successful Chinese ecommerce company, had left a customer database exposed on the internet.
An Elasticsearch server was once again reachable without any authentication, allowing anyone who found it to query the database directly and exposing 1.5 million customer records. Gearbest is ranked as one of the top 250 global websites, with hundreds of thousands of sales every day. The exposed information included names, addresses, phone numbers, email addresses, customer orders, products purchased, and in some cases passport numbers and other national ID data.
This security lapse adds to a growing list of organizations in 2019 that have left Elasticsearch servers unprotected, exposing large volumes of proprietary data:
DivvyCloud CEO and Co-Founder, Brian Johnson, commented on Gearbest’s misconfiguration:
“Gearbest’s data leak of over 1.5 million customer records adds to a growing list of organizations that have suffered security lapses in 2019 due to misconfigured Elasticsearch servers. However, Gearbest’s incident stands out since passport numbers, national ID numbers and full sets of unencrypted data, including email addresses and passwords, were among the exposed information. This data could allow hackers to easily steal Gearbest’s customers’ identities by cross-referencing with other databases, and allow malicious actors access to online government portals, banking apps, health insurance records, and more.
Organizations like Gearbest must learn to be diligent in ensuring data is protected with proper security controls. Automated cloud security solutions would have been able to detect the misconfiguration in the Elasticsearch database and could either alert the appropriate personnel to correct the issue, or trigger an automated remediation in real-time. These solutions are essential to enforcing security policies and maintaining compliance across large-scale hybrid cloud infrastructure.”
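The check that an automated scanner (or an attacker) actually performs against an exposed node is simple: an anonymous GET to port 9200 either returns the cluster banner or a 401 challenge. The script below is an added example written for this post; it is not code from DivvyCloud, VPNMentor or Gearbest, and it does not reproduce the incident. It classifies the root response, and when the node is open it pulls the index listing and flags index names that suggest customer data. The target host and port are assumptions, and the two sample responses are constructed to look like Elasticsearch 6.x output so the classification logic can be exercised offline.

```python
"""Detect an Elasticsearch node that answers without authentication.

Added example for this post (not from DivvyCloud, VPNMentor or Gearbest).
It issues the two requests an anonymous client would make first,
GET / and GET /_cat/indices, and reports the node's state.
Host, port and the sample responses are assumptions / constructed data.
"""
import json
import urllib.error
import urllib.request


def classify_root(status: int, body: str) -> str:
    """Classify the response to an unauthenticated GET / on port 9200.

    'open'   - node returns its banner: nothing is enforcing auth
    'auth'   - 401 challenge: security (X-Pack or a proxy) is in front
    'closed' - anything else (non-ES service, WAF, connection failure)
    """
    if status == 401:
        return "auth"
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "closed"
        # Every Elasticsearch banner carries these two keys.
        if isinstance(data, dict) and "cluster_name" in data and "version" in data:
            return "open"
    return "closed"


def summarize_indices(body: str) -> dict:
    """Summarize GET /_cat/indices?format=json: total docs plus the indices
    whose names hint at customer or order data (assumed keyword list)."""
    sensitive_hints = ("user", "customer", "order", "member", "account", "payment")
    rows = json.loads(body)
    total_docs = 0
    flagged = []
    for row in rows:
        name = row.get("index", "")
        docs = int(row.get("docs.count") or 0)  # closed indices report null
        total_docs += docs
        if any(hint in name.lower() for hint in sensitive_hints):
            flagged.append((name, docs))
    return {"indices": len(rows), "docs": total_docs, "sensitive": flagged}


def fetch(url: str, timeout: float = 5.0) -> tuple:
    """GET without credentials; return (status, body). Network use only."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return 0, ""


def probe(host: str, port: int = 9200) -> dict:
    """Probe one host and return a verdict plus an index summary if open."""
    base = f"http://{host}:{port}"
    status, body = fetch(base + "/")
    result = {"target": base, "verdict": classify_root(status, body)}
    if result["verdict"] == "open":
        status, body = fetch(base + "/_cat/indices?format=json")
        if status == 200:
            result.update(summarize_indices(body))
    return result


# Constructed sample responses shaped like Elasticsearch 6.x output.
SAMPLE_ROOT_OPEN = json.dumps({
    "name": "node-1", "cluster_name": "shop-prod",
    "version": {"number": "6.5.4"}, "tagline": "You Know, for Search",
})
SAMPLE_INDICES = json.dumps([
    {"index": "customer_orders", "docs.count": "1500000", "store.size": "900mb"},
    {"index": ".kibana", "docs.count": "12", "store.size": "40kb"},
])

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed host
    print(json.dumps(probe(target), indent=2))
```

Run it against a node you own with `python3 es_probe.py <host>`; a verdict of `open` with a non-empty `sensitive` list is exactly the condition the quote above says an automated control should catch and remediate. Note that at the time of this incident, authentication in Elasticsearch itself required a paid X-Pack license (basic security became free only in 6.8 and 7.1), so many deployments relied on binding the node to a private interface or fronting it with an authenticating proxy; the check above is agnostic to which of those is in place, it only reports whether anonymous access works.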
Interested in learning more? Speak with a DivvyCloud expert today!