The Target: Melijoe.com a high-end e-commerce fashion retailer of luxury children’s clothing.
The Take: Exposure of 2 million records totalling 200GB of Personally Identifiable Information including: email addresses, names, gender, dates of birth, marketing and preferences data.
The Vector: A misconfigured Amazon S3 storage bucket was left open and unsecured, meaning anyone with an internet connection could have accessed and viewed the data.
This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. An unprotected point of entry on a key piece of equipment like a storage server can lead to a breach with a cascading effect on data security. The detailed personal information contained exposes users to targeted phishing attacks and fraud.