An app that webshop sellers on eBay and Shopify used left the data of 8 million sales online by mistake.
This concerns data from British buyers that were publicly available in AWS. This concerns their name, delivery address, email, telephone number, the contents of the order, payment, the last four digits of their credit card, transaction and order number and links to the invoices.
The leak was discovered on February 3 by Comparitech’s Bob Diachenko after being indexed by search engines on February 2. Diachenko immediately reported this to Amazon and by February 8 could also contact the owner of the database that she took offline within the hour.
The data comes from an unnamed SME used by web sellers to manage sales data across several countries, including for VAT calculation.
Compartitech deliberately does not publish the name because it primarily wants to inform about the leak and because the company also had legitimate goals. It is, therefore, not the case that the data was sold or collected dubiously.
Attention has been blown for the British involved in the leak. It is unknown whether criminals discovered the database in those few days. But if that’s the case, the data is ideal for misleading users with highly targeted phishing emails.