E-Commerce Site Exposed Children Worldwide

The security software firm SafetyDetectives have discovered a data breach affecting the e-commerce website of Melijoe, an upmarket children’s fashion retailer based in France.

An Amazon S3 bucket cloud data store owned by the company was left accessible without authentication controls in place, exposing sensitive and personal data for potentially hundreds of thousands of customers.

It is estimated that around 200k people have had their information exposed on Melijoe’s unsecured Amazon S3 bucket.

Melijoe have a global network that offers clothing for girls, boys, and babies and features top brands, including Ralph Lauren, Versace, Tommy Hilfiger, and Paul Smith Junior. Melijoe has an annual turnover in excess of $200 million across a range of high street and e-commerce stores. The Melijoe brand is operated by the company officially registered as BEBEO, which is headquartered in Paris. BEBEO has a registered capital of around $1.1 million.

Several indicators confirm that Melijoe is connected to the open Amazon S3 bucket. While brands, birthdates, and other contents in the bucket suggest the owner is a French children’s fashion retailer, there are also references to “Bebeo” throughout. Importantly, the bucket contains critical sitemaps for melijoe.com.

Altogether, melijoe.com’s misconfigured Amazon S3 bucket has exposed almost 2 million files, totalling around 200 GB of data. 

A few files on the bucket exposed hundreds of thousands of logs containing the sensitive data and personally identifiable information (PII) of Melijoe’s customers. These files contained different data sets: preferences, wishlists, and purchases. There were other file types on the bucket, too, including shipping labels and some data related to melijoe.com’s product inventory.

Melijoe.com sells products to a global customer base and, as such, customers from across the globe have been exposed in the unsecured bucket. Primarily, customers from France, Russia, Germany, the United Kingdom, and the United States are affected.

Safety Detectives:  
