Office Depot Exposed Customer Records Online

Jeremiah Fowler

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

1 minute read
Office Depot Exposed Customer Records Online - Security Discovery

On March 3rd, 2021 I discovered a non-password protected Elasticsearch database that contained just under a million records. The exposed records were labeled as “Production” and contained customer names, phone, physical addresses and more. The monitoring and file logs exposed many internal records that should not have been publicly accessible.

There were multiple references to Office Depot in a large sampling of the records. We immediately sent a responsible disclosure to Office Depot and the database was secured within hours. On March 5th we received a reply from a team member with the Security Operations team at Office Depot Europe thanking us for the notification and raising awareness to the data exposure.

This leak could have provided enough information for cyber criminals to target customers with a social engineering attack or try to gain access to the accounts.

Check out the full summary of the discovery here:  Office Depot Data Leak

← Back to Blog

Got your attention?

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform. Protect your business proactively - get in touch today for personalized digital security solutions.

Address
Business Development
Virginia, United States
Address
Research & Development
Kyiv, Ukraine
Address
Technical HQ
Hamburg, Germany