Danish shoe manufacturer and retailer Ecco has suffered a data breach that exposed millions of documents. The server misconfiguration was severe enough to leave the company open to an attack that could have affected customers all over the world.
Researchers discovered an exposed instance hosting a trove of Ecco data, with over 60GB accessible since June 2021.
The exposed instance hosts Kibana, an ElasticSearch visualization dashboard, for Ecco. Kibana allows the processing of information stored in ElasticSearch, a data store favored by enterprises dealing with large volumes of data.
The instance hosting the dashboard was protected with basic HTTP authentication. However, the server was misconfigured and allowed all API requests, revealing 50 exposed indices with over 60GB of data. The exposed servers contain documents ranging from sales and marketing to logging and system information.
The exposed database, linked to Ecco.com, was left accessible for at least 500 days, since June 4, 2021. Over 35GB of data was added to the exposed database after the server misconfiguration opened a security hole in Ecco’s infrastructure.
According to the researchers, the capability to modify the data inside ElasticSearch would be a dangerous tool in the hands of persistent threat actors, allowing them to launch a campaign against Ecco stores, employees, and even clients.
It’s not clear whether threat actors have utilized this weakness. Users are advised to keep an eye on the company’s content to avoid malicious phishing attempts. A password manager with two-factor authentication is also suggested to sidestep possible attacks.
This research was documented by researchers from Cybernews.