Researchers have found a misconfigured Easticsearch server belonging to Office Depot, a popular office supplies store chain. One million customers’ personal information was exposed on the misconfigured server, according to researchers. The database was not protected by a password and was initially found by a Website Planet team on March 3. The researchers then traced the database back to Office Depot Europe.
The information exposed in the leak includes phone numbers, home and office addresses, email addresses, marketplace logs, order histories, and hashed passwords. This data could be leveraged by cybercriminals to perform convincing phishing attacks. Although Office Depot secured the database within hours of being notified, the Elasticsearch server may have been left exposed for up to 10 days, allowing plenty of time for criminals to access it.
Read More: Office Depot Configuration Error Exposes One Million Records