Two separate data exposures: The first database was initially discovered back in early April 2022 and despite multiple responsible disclosure notices we never received a reply and the database was restricted from public access several days later. Then, on a separate IP address, the unsecured AWS server appeared again in early July 2022, when we again tried to reach out to the owner, yet again, we didn’t receive a reply, luckily the server was shortly secured. The misconfiguration was caused by the server’s owner (VEVOR or their infrastructure vendor) and not Amazon Web Services. The data was marked as “production” and contained what appears to be various types of PII and sensitive data relating to their online operations including customer information such as first and last name, partial credit card numbers, transaction IDs, order and refund information, and much more. The payment and checkout records including names, emails, home addresses, currency, and more were exposed in both plain text and hashed. Since July, we haven’t seen the dataset exposed again. To make sure it wouldn’t appear again online and ill-intentioned hackers would find it, we waited a few months before publishing our findings. Read my Full Report Here
Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform. Protect your business proactively - get in touch today for personalized digital security solutions.