Shoemaker Ecco has been running a misconfigured database for more than a year, exposing a huge tranche of sensitive information to whoever knew where to look.
That is according to a new report from Cybernews, whose research team recently identified 50 Ecco indices exposed to the public. In total, the database has held more than 60GB of sensitive data that has been accessible since June 2021.
“Hundreds of thousands of sensitive documents, from sales to system information, had been accessible. Anybody with access could have viewed, edited, copied and stolen, or deleted the data,” the researchers said.
API requests
While Ecco has moved to remedy the problem in the meantime, it did not comment on Cybernews’ findings. The database appears to be locked now, the researchers said.
While scanning the web for unsecured and otherwise misconfigured databases, the research team found an exposed instance hosting Kibana, an ElasticSearch visualization dashboard, for Ecco. Kibana, as the researchers explained, helps process ElasticSearch information.
The instance hosting the dashboard was guarded by HTTP authentication, but the server was (mis)configured in a way that allowed API requests through. Using this loophole, the researchers looked up the index names on Ecco’s ElasticSearch, seeing 50 exposed indices with more than 60GB of data.
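As an added example (not taken from the Cybernews report or from Ecco's actual setup), this Python lint flags reverse-proxy locations that forward to a backend without HTTP Basic authentication, the kind of gap described above. It assumes an nginx proxy in front of Kibana; the sample configurations, paths, port and the function name `unauthenticated_locations` are constructed for illustration.

```python
import re

# Constructed nginx samples (assumption: nginx proxies Kibana on 127.0.0.1:5601).
WEAK = '''
server {
    listen 443 ssl;
    location / {
        auth_basic "Kibana";
        auth_basic_user_file /etc/nginx/htpasswd;
        proxy_pass http://127.0.0.1:5601;
    }
    location /api/ {
        proxy_pass http://127.0.0.1:5601;
    }
}
'''
FIXED = '''
server {
    listen 443 ssl;
    auth_basic "Kibana";
    auth_basic_user_file /etc/nginx/htpasswd;
    location / { proxy_pass http://127.0.0.1:5601; }
    location /api/ { proxy_pass http://127.0.0.1:5601; }
}
'''

# Matches flat location blocks only (no nested braces), which is enough for a lint.
LOCATION = re.compile(r"location\s+(?:[=~^*]+\s+)?(\S+)\s*\{([^{}]*)\}")
# "auth_basic_user_file" is not matched: whitespace must follow "auth_basic".
AUTH = re.compile(r"\bauth_basic\s+([^;]+);")

def effective_auth(block, inherited):
    """Return True if Basic auth applies; a local directive overrides the parent."""
    m = AUTH.search(block)
    if m is None:
        return inherited
    return m.group(1).strip() != "off"

def unauthenticated_locations(conf):
    """List proxied location paths that end up with no Basic auth."""
    conf = re.sub(r"#[^\n]*", "", conf)          # ignore commented-out directives
    server_auth = effective_auth(LOCATION.sub("", conf), False)
    return [path for path, body in LOCATION.findall(conf)
            if "proxy_pass" in body and not effective_auth(body, server_auth)]

if __name__ == "__main__":
    print("weak: ", unauthenticated_locations(WEAK))
    print("fixed:", unauthenticated_locations(FIXED))
```

Setting authentication at the `server` level, as in the corrected sample, means a location added later inherits it instead of being open by default.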
The data contained all kinds of sensitive information, from sales and marketing to logging and system information, the researchers said. One index, sales_org, contains more than 300,000 documents. A directory called market_specific_quality_dashboard held more than 820,000 records.
There are several ways a threat actor could make use of the database, they further explained, saying that the visible code could have been modified, as well as naming and URLs, all to run phishing campaigns, identity theft, or to trick people into running malware and ransomware.
What’s more, the database is not for a local Ecco outpost, but rather for the global ecco.com website. In the hands of an experienced cybercriminal, the data could be a major tool in attacking the company globally: Ecco stores, its employees, as well as clients and customers.