E-Commerce Site Exposed Children Worldwide
The security software firm SafetyDetectives has discovered a data breach affecting the e-commerce website of Melijoe, an upmarket children’s fashion retailer based in France.
An Amazon S3 bucket, a cloud data store owned by the company, was left accessible without authentication controls in place, exposing sensitive and personal data of potentially hundreds of thousands of customers.
It is estimated that around 200,000 people have had their information exposed on Melijoe’s unsecured Amazon S3 bucket.
Melijoe has a global network that offers clothing for girls, boys, and babies and features top brands, including Ralph Lauren, Versace, Tommy Hilfiger, and Paul Smith Junior. Melijoe has an annual turnover in excess of $200 million across a range of high street and e-commerce stores. The Melijoe brand is operated by the company officially registered as BEBEO, which is headquartered in Paris. BEBEO has a registered capital of around $1.1 million.
Several indicators confirm that the open Amazon S3 bucket is linked to Melijoe. While brands, birthdates, and other contents in the bucket suggest the owner is a French children’s fashion retailer, there are also references to “Bebeo” throughout. Importantly, the bucket contains critical sitemaps for melijoe.com.
Altogether, melijoe.com’s misconfigured Amazon S3 bucket has exposed almost 2 million files, totalling around 200 GB of data.
A few files in the bucket exposed hundreds of thousands of logs containing the sensitive data and personally identifiable information (PII) of Melijoe’s customers. These files contained different data sets: preferences, wishlists, and purchases. There were other file types in the bucket, too, including shipping labels and some data related to melijoe.com’s product inventory.
Melijoe.com sells products to a global customer base and, as such, customers from across the globe have been exposed in the unsecured bucket. Primarily, customers from France, Russia, Germany, the United Kingdom, and the United States are affected.