CYBERInsights: DATA Breach – Online Retailer Exposes Over 1m Customers Data | WebsitePlanet
CYBER INSIGHTS: DATA BREACH – Online Retailer Exposes Over 1m Customers Data
Syndicated By: Iain Fraser – Cybersecurity Journalist Gibraltar
30th May 2023
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained over a million customer records. Upon further investigation, it was identified that these records were customers’ order confirmations that belonged to SimpleTire, based in Philadelphia, Pennsylvania. The exposed order confirmations included the customer’s name, phone number, physical address and partial credit card number with expiration dates.
When the open server was discovered, I immediately sent a responsible disclosure notice to several email addresses at SimpleTire, stating that the database was publicly accessible to anyone with an internet connection. Despite multiple email notices, the database remained open and publicly accessible for more than 3 weeks after my discovery.
The database contained more than just receipts and had references to the installers’ information, return requests, wholesale pricing records, and what appeared to be images used on the website and in email communications. I did not receive a reply to my responsible disclosure notices, a few days later public access to the database was fully restricted and was no longer accessible.
According to their website, SimpleTire offers over 55 million tires, 10,000+ installation centres, and more than 300 brands of tires. In an undated press release, Inc. Magazine’s Inc. 5000 named SimpleTire the fastest-growing automotive brand in America.
Exposed credit card data, along with other personal information, could potentially be used by thieves to make unauthorized transactions, in identity theft, phishing and social engineering attacks, and more. Learn More /…
About Jeremiah Fowler
Jeremiah Fowler is a Security Researcher and co-founder of Security Discovery. Jeremiah began his career in security research in 2015 and has a mission of data protection. He has helped identify and secure the data of millions of people around the world. His discoveries have been covered in Forbes, BBC, Gizmodo, among others. Security and responsible disclosure are not only a passion, but a way of protecting our digital lives. Learn More /…
