One retailer’s error endangers millions of Europeans


Massive Data Leak at German Eyewear Company Brillen Exposes Over 3.5 Million Customers in Europe

Over 3.5 million people have been affected across Europe after German eyewear company Brillen spilled order details and customer data to anyone on the internet.

On August 8th, the Cybernews research team discovered a leak that affected German eyewear retailer Brillen. The company provides a wide selection of glasses and contact lenses both online and in its physical stores in Germany and other European countries.

The massive data leak affected over 3.5 million customers in Germany and the company’s affiliate sites in Spain and Austria.

What data was exposed?

– Full names
– Addresses
– Emails
– Mobile phone numbers
– Gender
– Dates of birth
– Detailed order information – payment amounts, invoice numbers, and dates

The leak was caused by the absence of authentication on the Elasticsearch cluster. Elasticsearch is a search engine that allows users to store, search, and analyze large amounts of data. When used in a group of connected servers, it’s called a cluster, which can assist in processing large datasets.

Previous Cybernews research reveals that this is a common cybersecurity mishap. Failing to configure proper authentication exposes stored data to internet users and, inevitably, to threat actors who are constantly scanning the internet for publicly accessible databases.
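The misconfiguration described above is straightforward to audit on a cluster you operate. The following script is an added example (not Cybernews' or Brillen's code): it sends one unauthenticated request to the cluster's root endpoint and classifies the reply, and it scans an elasticsearch.yml for the settings that leave the HTTP API open. The sample response body and config fragments are constructed; the hostnames, cluster name and version in them are made up.

```python
import json
import urllib.request
import urllib.error

# Constructed sample of what GET / returns from a cluster with security off
# (values are invented, not taken from the incident).
EXPOSED_ROOT = json.dumps({"name": "node-1", "cluster_name": "shop-orders",
                           "version": {"number": "7.10.2"},
                           "tagline": "You Know, for Search"})
WEAK_YML = "cluster.name: shop-orders\nnetwork.host: 0.0.0.0\nxpack.security.enabled: false\n"
FIXED_YML = ("cluster.name: shop-orders\nnetwork.host: 0.0.0.0\n"
             "xpack.security.enabled: true\nxpack.security.http.ssl.enabled: true\n")

def classify_root_response(status, body):
    """Classify the reply to an anonymous GET /: 'exposed', 'protected' or 'unknown'."""
    if status == 401:
        return "protected"          # security enabled; credentials required
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "unknown"
        if isinstance(data, dict) and "cluster_name" in data and "version" in data:
            return "exposed"        # anonymous caller received cluster metadata
    return "unknown"

def fetch_root(base_url, timeout=5.0):
    """GET <base_url>/ with no credentials; returns (status, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + "/",
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def audit_endpoint(base_url):
    """Probe a cluster you operate, e.g. audit_endpoint('http://es.internal:9200')."""
    return classify_root_response(*fetch_root(base_url))

def check_elasticsearch_yml(text):
    """Findings for settings that make the HTTP API reachable without credentials.
    Handles flat 'key: value' lines; an absent xpack.security.enabled is treated
    as off, which is the 7.x default (8.x enables security by default)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, val = line.split(":", 1)
            settings[key.strip()] = val.strip().strip("\"'").lower()
    findings = []
    security_on = settings.get("xpack.security.enabled") == "true"
    if settings.get("xpack.security.enabled") == "false":
        findings.append("xpack.security.enabled: false - HTTP API accepts unauthenticated requests")
    if settings.get("network.host", "") not in ("", "localhost", "127.0.0.1", "_local_") and not security_on:
        findings.append("network.host binds a non-loopback interface while security is not enabled")
    return findings
```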

In the case of Brillen, the cluster stored customers’ personal data and order details. Our researchers contacted the company immediately after discovering the leak, and it reacted by closing access to the data. However, Cybernews has received no further response from Brillen.

While the cluster has been taken down, the length of time it was exposed remains unclear, as does the extent to which public search engines have indexed the data. Once indexed, the data becomes accessible to anyone, creating a goldmine for threat actors.

The exposed data puts customers at heightened risk of identity theft and fraud. The order details, combined with personal information, can enable threat actors to craft highly customized phishing campaigns.

Apart from causing the company reputational damage, not securing customers’ data violates data protection laws, such as GDPR, which may result in fines of up to 4% of annual turnover, or €20 million, whichever is higher.
