Researchers today revealed that a misconfigured cloud database has potentially exposed the customers of luxurious women’s fashion store Moda Operandi to phishing and fraud. The 25GB-sized unprotected Elasticsearch cluster contains production logs filled with personal and order information which appear to be part of Moda Operandi’s event logging environment. The exposed information includes names, addresses, phone numbers, and emails. Researchers suggest that all US and Canada-based customers who purchased online at Moda Operandi during that time are in the risk zone.
When data leaks occur, it is often the result of a lack of awareness within the cloud environment. Without proper visibility into deployments, any change or update in policy could impact security and result in a devastating breach putting customer information at risk. To prevent misconfigurations in the cloud, a comprehensive view of the cloud environment is critical. Businesses should enforce security guardrails via policies that can prevent or remediate issues in real-time, significantly minimizing the attack surface. With proactive security and governance policies in place, businesses can have confidence that changes in resources will not affect the security of their sensitive data.