Kickstarter sensation exposes over 500,000 records containing clients’ data

Published:

spot_img

Peak Design Exposes Over Half a Million Records in Data Leak Incident

Over half a million records with clients’ data and a decade’s worth of support tickets have been publicly exposed and likely accessed by threat actors after a US accessories maker forgot to set a password.

Peak Design, a California-based manufacturer and retailer of bags and accessories for travelers and photographers, exposed its clients’ private data to anyone on the internet. The company, known for its successful crowdfunding campaigns and strong Kickstarter community, raised nearly $36 million to fund the creation of its award-winning product designs.

The leaked data included customer email addresses, home addresses, order information, shipment tracking codes, and customer support inquiries. The Cybernews research team identified the leak on April 25th, with the leaked support tickets spanning nearly a decade from June 2014 to May 2023, magnifying the scope of the leak.

The data leak was caused by a publicly accessible Elasticsearch instance, an open-source search engine for analyzing large amounts of data. Access to Elasticsearch servers should never be exposed to the public web without proper authentication, as they are common targets for threat actors.

Cybernews researchers found a ransom note on Peak Design’s systems, indicating that the threat actor likely accessed the data at least once. The ransom note demanded around $3940 in Bitcoin to prevent the public release and deletion of customer data.

Although the leaked data was not updated in real-time, the exposure of customers’ personal information remains a significant concern. The company has since secured access to the data, but an official response has yet to be received. The potential misuse of the leaked data by gray market marketing agencies, data brokers, spammers, and for phishing or doxxing attacks is a cause for alarm.

spot_img

Related articles

Recent articles

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape Securonix has announced the appointment of Toby Weiss as its new Chief...

India’s Largest Cybercrime Conference Approaches: FutureCrime Summit 2026 Scheduled for 6–7 August at Bharat Mandapam

India's Largest Cybercrime Conference Approaches: FutureCrime Summit 2026 Scheduled for 6–7 August at Bharat Mandapam The FutureCrime Summit 2026 is set to take place at...

EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities

EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities A recent cyberattack targeting Poland's critical infrastructure has been officially linked...

TCS Strengthens Digital Infrastructure as Technology Partner for New Terminal One at JFK Airport

TCS Strengthens Digital Infrastructure as Technology Partner for New Terminal One at JFK Airport The New Terminal One at John F. Kennedy International Airport (JFK)...