Comments On Online Retailer Leaks Data On 1.6 Billion Shoppers

It has been reported that an unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year. VPNMentor, which discovered the breach, described it as a major lapse in LightInTheBox's data security and as potentially devastating to the victims, exposing them not only to a cyberattack but potentially to a physical confrontation, as the data included enough clues to allow a malicious actor to discover their home address.

Experts Comments

December 19, 2019
Tim Erlin
VP of Product Management and Strategy
Tripwire
Not all breaches are the result of a malicious actor. A misconfiguration can be just as impactful as a successful attack. Organizations must monitor their environments for misconfigured systems that expose sensitive data, and they must do so continuously. Misconfigurations that used to stay hidden behind layers of network defenses are increasingly being exposed to the Internet directly, causing a rise in exposed data.
December 19, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
Cloud storage and databases make it very easy and convenient for companies to upload and store large quantities of data. But with great storage comes great responsibility - and users of such services need to familiarise themselves with the security settings to ensure these databases are adequately secured. This should be complemented with regular assurance tests to ensure settings have not changed, as well as monitoring controls that can alert where there is unauthorised access or unusual activity. Until companies embed security through their staff and processes we will continue to see errors in technology that will lead to such large breaches.
