1. Forum
  2. TQWNet
  3. TQW GENTECH

  • Top online gift platform leaks user details, including thousands

    From TechnologyDaily@1337:1/100 to All on Friday, November 22, 2024 11:15:04
    Top online gift platform leaks user details, including thousands of US military members

    Date:
    Fri, 22 Nov 2024 11:12:15 +0000

    Description:
    Security researchers discovered 300,000 private emails leaked for months from popular online gift shop.

    FULL STORY ======================================================================300,000 emails from EnamelPin, owner of gs-jj.com, exposed online Many originate from .gov or .mil sources, which are used by military or government workers The leak exposed the sites links to China

    Researchers at Cybernews recently discovered over 300,000 emails from EnamelPin customers were exposed for months thanks to an open Elasticsearch instance.

    EnamelPin Inc is the owner of popular gift site gs-jj.com, which sells
    medals, lapel pins, emblems, and more.

    The leaked emails contained personal information such as full names and email addresses, around 2,500 were from .gov and .mil domains. The site is unsurprisingly popular amongst US government officials and military officers, who had ordered products such as coins, patches, and medals. National
    Security Concerns

    The emails and attachments exposed sensitive information about high-ranking military officials. They could be used to determine their position in certain Army units, phone numbers, email addresses, and shipping addresses, Cybernews researchers said.

    Other security issues were discovered on the site, such as the exposure of hidden git repository configuration, folder, and file structure of the website.

    The data was left exposed for months, according to researchers. The information was publicly accessible from April 22 until December 5, which
    left many customers at risk, particularly of identity theft.

    Whilst EnamelPin Inc is registered in California and aimed at civilians, the leak exposed previous unknown links to China. Researchers found a publicly accessible Git configuration file which revealed the websites source code repository is hosted on a Chinese server.

    The company also has an complete expert team in China, long delivery times suggest overseas fulfilment, and the customer support team communicate in broken English.

    Due to the Chinese governments broad powers to access data, it may be risky for US Government and Military officials to use Chinese services, especially in the official settings," Cybernews added.

    This leak raises OPSEC concerns, as ordering patches, emblems, and other
    items can inadvertently expose ranks, divisions, and personal information.
    You might also like Take a look at our pick of the best antivirus software around These are the most damaging scams around, according to Google so be
    on your guard Check out our choices for best malware removal software



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/top-online-gift-platform-leaks-user-det ails-including-thousands-of-us-military-members


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)