Shoemaker Ecco has been running a misconfigured database for over a year, exposing a huge amount of sensitive information to anyone who knew where to look.
This is according to a new report from Cybernews, whose research team recently identified 50 Ecco indexes that have been exposed to the public. In total, as of June 2021, the database contains more than 60 GB of sensitive data.
“Millions of sensitive documents, from sales to system information, were accessible. Anyone with access could have viewed, edited, copied and stolen or deleted the data,” the researchers said.
API requests
Ecco has since moved to resolve the issue, but declined to comment on Cybernews’ findings. The database now appears locked, the researchers said.
While scanning the web for unsecured and otherwise misconfigured databases, the research team found an exposed instance hosting Kibana, an ElasticSearch visualization dashboard, for Ecco. Kibana, as the researchers explained, helps ElasticSearch process information.
The instance hosting the dashboard was guarded by HTTP authentication, but the server was (mis)configured in a way that allowed API requests through. Using this loophole, the researchers looked up the index names on Ecco’s ElasticSearch and saw 50 exposed indices with more than 60 GB of data.
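An operator can test their own deployment for the gap described above, where the dashboard asks for credentials but API paths do not. The following is an added example, not code from Cybernews or Ecco; the path list, the host name and the two stand-in proxy functions are assumptions constructed for illustration.

```python
"""Check that every path on your own Kibana/Elasticsearch host demands credentials."""
import urllib.error
import urllib.request

# Assumed sample of UI and API paths; extend it with whatever your proxy routes.
PATHS = ["/", "/app/kibana", "/api/status", "/_cat/indices", "/_search"]


def http_status(base_url, path, timeout=5):
    """Send one request with no credentials and return the HTTP status code."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403 arrive here as exceptions


def audit(base_url, paths=PATHS, fetch=http_status):
    """Return (path, status) for every path answered without an auth challenge.

    With HTTP authentication enforced in front of the whole host, an
    unauthenticated request to any path should yield 401 or 403. Any other
    status means the request got past the authentication layer.
    """
    findings = []
    for path in paths:
        status = fetch(base_url, path)
        if status not in (401, 403):
            findings.append((path, status))
    return findings


# Constructed stand-in: a proxy that protects the dashboard pages but
# forwards API-style paths to the backend without asking for credentials.
def misconfigured_proxy(base_url, path):
    if path == "/" or path.startswith("/app/"):
        return 401
    return 200


# Constructed stand-in: authentication applied to every path.
def hardened_proxy(base_url, path):
    return 401


if __name__ == "__main__":
    host = "https://kibana.example.internal"  # placeholder host name
    for name, fetch in (("misconfigured", misconfigured_proxy), ("hardened", hardened_proxy)):
        print(name, audit(host, fetch=fetch))
```

Calling `audit()` without the `fetch` argument sends real unauthenticated requests, so point it only at a host you operate.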
The data contains all sorts of sensitive information, from sales and marketing to logging and system information, the researchers said. One index, sales_org, contains more than 300,000 documents. A directory called market_specific_quality_dashboard contained over 820,000 records.
There are multiple ways for a threat actor to leverage the database, they further explained, saying that the visible code could have been changed, as well as the naming and URLs, all to run phishing campaigns and identity theft, or to trick people into running malware and ransomware.
In addition, the database is not for a local Ecco outpost, but for the global website ecco.com. In the hands of a skilled cybercriminal, the files could be an important tool to attack the company globally: Ecco stores, its employees, as well as its customers.