It looks like Verlo Mattress Factory forgot to leave off the last “S” for security: A security researcher has come across an open Elastic database set containing 387,000 records associated with customers of Verlo Mattress Factory.
Jeremiah Fowler, senior security researcher with SecurityDiscovery.com, reported that on September 5 he discovered the non-password-protected database, which held 387,604 records exposing names, phone numbers, emails, home addresses, and billing addresses. Additionally, login credentials with hashed passwords for internal users were in the folder, along with IP addresses, ports, pathways, and storage info that cybercriminals could exploit to gain deeper access into the network.
Fowler attempted to contact Verlo multiple times, but received no response. However, the database was locked up shortly after his initial notification to the company.
“It would have been nice to know if this was indeed a single franchise dataset or more? Who managed it? Was it the corporate office or the franchise that was responsible?” he wrote.
Verlo has 36 locations in Wisconsin, Illinois, Colorado, Iowa, Georgia, and Missouri.