Customers On Alert as E-Commerce Player Leaks 1.7+ Billion Records
Hariexpress, a Brazilian e-commerce firm, has accidentally exposed close to 1.8 billion records including customers’ and sellers’ personal information. The leak, which has put customers on high alert, was the result of a misconfigured Elasticsearch server. A team at SafetyDetective discovered the files in June and was able to trace the leak back to Hariexpress. Hariexpress is a firm that allows vendors to manage and automate their activity across multiple marketplaces such as Facebook and Amazon.
Although the firm replied to researchers just days after they were alerted of the leak in July, it became uncontactable. The issue has since been fixed. The server was reportedly left unencrypted with no password protection in place. It contained roughly 610GB of data and included data such as full names, home addresses, phone numbers, billing details, phone numbers, and tax IDs. SafetyDetectives could not confirm the total number of individuals affected due to the size of the data trove. It is unclear whether malicious actors accessed the unsecured server.