E-Commerce Site Exposed Children Worldwide

The security software firm SafetyDetectives have discovered a data breach affecting the e-commerce website of Melijoe  an upmarket children’s fashion retailer based in France.

An Amazon S3 bucket cloud data store owned by the company was left accessible without authentication controls in place, exposing sensitive and personal data for potentially hundreds of thousands of customers.

 It is estimated that around 200k people have had their information exposed on Melijoe’s unsecured Amazon S3 bucket. 

Melijoe have a global network that offers clothing for girls, boys, and babies and features top brands, including Ralph Lauren, Versace, Tommy Hilfiger, and Paul Smith Junior. Melijoe has an annual turnover in excess of $200million across a range of high street and e-commerce stores. The Melijoe brand is operated by the company officially registered as BEBEO, which is headquartered in Paris. BEBEO has a registered capital of around $1.1 million.

Several indicators confirm that Melijoe has a bearing on the open Amazon S3 bucket. While brands, birthdates, and other contents in the bucket suggest the owner is a French children’s fashion retailer, there are also references to “Bebeo” throughout. Importantly, the bucket contains critical sitemaps for melijoe.com.

Altogether, melijoe.com’s misconfigured Amazon S3 bucket has exposed almost 2 million files, totalling around 200 GB of data. 

A few files on the bucket exposed hundreds of thousands of logs containing the sensitive data and personally identifiable information (PII) of Melijoe’s customers. These files contained different data sets: Preferences, wishlists, and purchases. There were other file types on the bucket, too, including shipping labels and some data related to melijoe.com’s product inventory.

Melijoe.com sells products to a global customer base and, as such, customers from across the globe have been exposed in the unsecured bucket. Primarily, customers from France, Russia, Germany, the United Kingdom, and the United States are affected.

Safety Detectives:  

You Might Also Read: 

A Short Guide To Building Cloud-Based SaaS Applications:

 

« He's Back: Trump’s New Social Media Platform
Extortion: Most British Firms Pay The Ransom »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

First Response

First Response

First Response is a Cyber Incident Response and Digital Forensic Investigation company.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

Silent Sector

Silent Sector

Silent Sector is a cybersecurity services company that specializes in providing a wide range of managed security services.

CornerStone

CornerStone

CornerStone is an award winning, independent risk, cyber and security consulting firm providing a range of Risk Management, Security Design and Implementation Management Services.

Elba

Elba

Employee security needs to be reinvented. SaaS security needs to involve end-user and awareness needs to be actionable. Meet elba, the 5-in-one cybersecurity hub with no compromises.

Emircom

Emircom

Emircom is one of the Middle East's leading independent providers of IT infrastructure services, helping clients to drive growth and deliver measurable outcomes.

Realm.Security

Realm.Security

Realm.Security is pioneering the creation of an easy-to-implement, simple-to-use security fabric solution that is purpose-built for cybersecurity.

Cloudbox

Cloudbox

Cloudbox build and maintain a highly secure, compliant IT infrastructure for our clients – with total peace of mind – so they can focus on the market.

CYNC Secure

CYNC Secure

CYNC boosts cybersecurity remediation by consolidating fragmented data and optimizing operational processes.