Data of millions of eBay and Amazon shoppers exposed

2020-03-12 15:09

Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services for anyone to find using a search engine.

Data in the records included names, shipping addresses, email addresses, phone numbers, items purchased, payments, order IDs, links to Stripe and Shopify invoices, and partially redacted credit cards.

Also included were thousands of Amazon Marketplace Web Services queries, an MWS authentication token, and an AWS access key ID. Because a single customer might generate multiple records, Comparitech wasn't able to estimate how many customers might be affected.

Amazon queries could be used to query the MWS API, Comparitech said, potentially allowing an attacker to request records from sales databases.

Amazon began investigating the breach on the day it was disclosed to them with the third-party company involved shutting down the database on 8 February.

News URL

https://nakedsecurity.sophos.com/2020/03/12/data-of-millions-of-ebay-and-amazon-shoppers-exposed/

#amazon #ebay

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Amazon		64	9	60	39	13	121