Security News > 2020 > March > Data of millions of eBay and Amazon shoppers exposed
Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services for anyone to find using a search engine.
Data in the records included names, shipping addresses, email addresses, phone numbers, items purchased, payments, order IDs, links to Stripe and Shopify invoices, and partially redacted credit cards.
Also included were thousands of Amazon Marketplace Web Services queries, an MWS authentication token, and an AWS access key ID. Because a single customer might generate multiple records, Comparitech wasn't able to estimate how many customers might be affected.
Amazon queries could be used to query the MWS API, Comparitech said, potentially allowing an attacker to request records from sales databases.
Amazon began investigating the breach on the day it was disclosed to them with the third-party company involved shutting down the database on 8 February.
News URL
https://nakedsecurity.sophos.com/2020/03/12/data-of-millions-of-ebay-and-amazon-shoppers-exposed/