
French Online Store Still Leaks 13M Customer Data

03 / 11 / 2016

The MacKeeper Security Research Center has discovered that a French online store is leaking the data of nearly 13 million customers. The massive amount of data was improperly stored in a misconfigured database and is publicly available online. Nearly all of the records stored and collected appear to belong to French citizens, and the data includes names, emails, DOBs, delivery addresses, phone numbers and billing information.

The MacKeeper Security Research Center has reached out to the store to secure the data, but no answer has been received yet and the database is still leaking data.

No hack or password was required to access the customer data.

The French Data Protection Act (DPA) applies to any person that is in charge of collecting, processing or storing personal data, and it appears that the store may be in violation by not securing its customers' data. According to the DPA, there is also a civil liability for collecting sensitive information, and data subjects have a right to compensation if they suffer damage. The French Data Protection Act has a very broad conception of personal data. For example, a telephone number is considered to be personal data. In this recent find there is much more identifying data that would qualify as personal under the law.

 

Below is an example of how the records look. More than 13 million records are stored as "Cookies" and include the following info (redacted):

 

    "email" : "XXX@live.fr",
    "firstname" : "XXXXX ",
    "lastname" : "XXX",
    "website_id" : 1,
    "store_id" : 1,
    "group_id" : 1,
    "prefix" : "Mlle",
    "suffix" : null,
    "dob" : "1996/09/02",
    "gender" : null,
    "middlename" : null,
    "taxvat" : "20",
    "created_at" : "2015/11/17",
    "last_login" : "2015/11/17",
    "newsletter" : true,
    "how_have_known" : null,
    "accept_partners_offers" : false,
    "magentoId" : XXXXX,
    "postalcode" : "XXXX",
    "status" : "client"

 

Other leaked data includes payment information, purchase history and order information.

 

    "billing_address" : {
       "parent_id" : "XXXXX",
       "address_type" : "billing",
       "firstname" : "XXXX",
       "lastname" : "XXXX",
       "street" : "112 av de XXXX",
       "city" : "Marseille",
       "postcode" : "XXXX",
       "country_id" : "FR",
       "telephone" : "XXXXXXXXXX",
       "address_id" : "XXXXX"
    },

 

As we continue to see the number of data leaks and breaches increase daily, this is another wake-up call for any company or business that collects any data on its customers. Another important aspect is understanding the legal requirements for data storage and collection methods. Many small business owners overlook the importance of data security and just create their store and focus on selling products, but they are often legally required to secure the customer information they collect.

The MacKeeper Security Research Center recommends that any company collecting data test their database and make sure that they are using best practices and have taken every possible step to secure their data. A simple security audit can spare you future legal problems and damage to your customers and business reputation.

***

Attention - if you are a media representative or you think you can be helpful in closing this data breach, please drop us a line to security@kromtech.com

***

Attention - Portions of this article may be used for publication if properly referenced and credit is given to MacKeeper Security Research Center. 

Do you have security tips or suggestions? Contact: security@kromtech.com

Stay tuned to the latest security news by visiting the MacKeeper Security Watch blog or subscribing to our RSS.