
CYBER INSIGHTS: DATA BREACH - Online Retailer Exposes Over 1m Customers' Data
Syndicated By: Iain Fraser - Cybersecurity Journalist Gibraltar

30th May 2023

Cybersecurity researcher Jeremiah Fowler discovered and reported to WebsitePlanet a non-password-protected database that contained over a million customer records. Upon further investigation, it was identified that these records were customers’ order confirmations that belonged to SimpleTire, based in Philadelphia, Pennsylvania. The exposed order confirmations included the customer’s name, phone number, physical address and partial credit card number with expiration dates.

When the open server was discovered, I immediately sent a responsible disclosure notice to several email addresses at SimpleTire, stating that the database was publicly accessible to anyone with an internet connection. Despite multiple email notices, the database remained open and publicly accessible for more than 3 weeks after my discovery. 

The database contained more than just receipts and had references to the installers’ information, return requests, wholesale pricing records, and what appeared to be images used on the website and in email communications. I did not receive a reply to my responsible disclosure notices; a few days later, public access to the database was fully restricted and it was no longer accessible.

According to their website, SimpleTire offers over 55 million tires, 10,000+ installation centres, and more than 300 brands of tires. In an undated press release, Inc. Magazine’s Inc. 5000 named SimpleTire the fastest-growing automotive brand in America.

Exposed credit card data, along with other personal information, could potentially be used by thieves to make unauthorized transactions, commit identity theft, carry out phishing and social engineering attacks, and more.

About Jeremiah Fowler

Jeremiah Fowler is a Security Researcher and co-founder of Security Discovery. Jeremiah began his career in security research in 2015 and has a mission of data protection. He has helped identify and secure the data of millions of people around the world. His discoveries have been covered in Forbes, BBC and Gizmodo, among others. Security and responsible disclosure are not only a passion, but a way of protecting our digital lives.

