Global e-commerce market and business management platform BuyGoods.com has exposed 198.3GB of sensitive data from a misconfigured cloud database, according to Hackread.
Over 260,000 records were included in the data leak, including BuyGoods.com affiliate payouts, invoices, accounting records, and refund transactions, as well as personally identifiable information and Know Your Customer Data from the retailer's customers and affiliates around the world, a report by cybersecurity researcher Jeremiah Fowler published on WebsitePlanet showed. Such customer data included personal identification cards, passports, licenses, and selfies, as well as their credit card details that were not redacted.
After being notified regarding the misconfigured database, BuyGoods.com confirmed that it had already resolved the concern and diverted PII. However, Fowler said that the database remained accessible online before being closed off.
Organizations have been urged to ensure database security through regular audits, limited user access privileges, robust authentication and access controls, data encryption, regular software patches and updates, automated configuration management tools, and proper employee education.