It looks like Verlo Mattress Factory forgot to leave off the last "S" for security: A security researcher has come across an open Elastic database set containing 387,000 records associated with customers of Verlo Mattress Factory.
Jeremiah Fowler, senior security researcher with SecurityDiscovery.com, reported that he discovered the non-password protected database on September 5 that had 387,604 records exposing names, phone numbers, emails, home address, billing address. Additionally, login credentials with hashed passwords for internal users were in the folder along with IP addresses, ports, pathways, and storage info that cybercriminals could exploit to access deeper in to the network.
Fowler attempted to contact Verlo multiple times, but received no response. However, the database was locked up shortly after his initial notification to the company.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.