Walmart Partner Exposes Data Of 1.3M Customers

By ISBuzz Team | March 19, 2018 | Updated: July 4, 2024

Following the news that a Walmart partner exposed the personal data of 1.3 million US and Canadian shoppers due to an AWS misconfiguration, IT security experts commented below.

Manoj Asnani, VP of Product Management & Design at Balbix:

“There are many issues with the breach notification of a Walmart partner, Limogés Jewelry. Whether or not the database was misconfigured so that it was public facing, the fact that the type of PII – including passwords – was stored in plain text is concerning and an issue that should have been surfaced in any compliance audit conducted on the organization. While it’s not acceptable in this day and age to have information made publicly available and viewable to the rest of the internet, it’s a challenge that nearly every organization has fallen victim to at some point. One of many reasons this happens is because they are not coming from a mindset where they’re proactively thinking, ‘where am I most likely to get breached?’ and crafting their security approach based on that. Visibility seems to be an issue for everyone except attackers and that is something that must change immediately if we are going to see any change in the number of exposures over the next 5-10 years. It will be interesting to see if there will be any ramifications from Walmart’s perspective, given this is a vetted and approved partner of the retail giant.”

Mike Schuricht, VP Product Management at Bitglass:

“Let’s go back a few weeks to when the BuckHacker search engine was unearthed. It’s clear that identifying a very specific vulnerability such as a misconfigured S3 bucket – by way of a plethora of tools readily available to nefarious individuals and researchers alike – is infinitely easier than implementing and continually monitoring an organization’s applications and stack in the public cloud. Given how readily available discovery tools are for attackers, ensuring corporate infrastructure is not open to the public internet should be considered table stakes for enterprise IT. While it’s difficult to keep track of the number of AWS S3-centric disclosures that have happened since 2016, there should be no misunderstanding from the Board down to the technical level, that this is an issue that can impact any organization at any time and that there are steps that can be taken to ensure this type of breach never happens to you.

An effective way to address these threats is to implement a system that provides visibility over cloud data, alerts for high-risk configurations, and automatic, real-time protection mechanisms. Regulated organizations in healthcare and financial services are keenly aware of this challenge and make security a blocking requirement before any new applications can be deployed.”

Zohar Alon, CEO and Co-Founder at Dome9:

“As organizations continue to reap the rewards of the public cloud, we continue to see setbacks as a result of basic misconfigurations. Last week it was news of BJC from the healthcare sector, this week the ecommerce sector with Wal-Mart’s jewelry partner. Next week it could be the financial, federal or education sector, but questions organizations need to ask themselves are pretty simple: are you running internal scans more than once or twice a year for public-facing, business-critical databases? Are you 100% certain you’ve changed the default settings on your deployments? And do you have the processes and protocols in place to deal with pertinent notifications and alerts to minimize or mitigate exposures?”

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
