E-Commerce Site Exposed Children Worldwide

Uploaded on 2022-03-01 in NEWS-News Analysis, FREE TO VIEW

The security software firm SafetyDetectives have discovered a data breach affecting the e-commerce website of Melijoe  an upmarket children’s fashion retailer based in France.

An Amazon S3 bucket cloud data store owned by the company was left accessible without authentication controls in place, exposing sensitive and personal data for potentially hundreds of thousands of customers.

 It is estimated that around 200k people have had their information exposed on Melijoe’s unsecured Amazon S3 bucket. 

Melijoe have a global network that offers clothing for girls, boys, and babies and features top brands, including Ralph Lauren, Versace, Tommy Hilfiger, and Paul Smith Junior. Melijoe has an annual turnover in excess of $200million across a range of high street and e-commerce stores. The Melijoe brand is operated by the company officially registered as BEBEO, which is headquartered in Paris. BEBEO has a registered capital of around $1.1 million.

Several indicators confirm that Melijoe has a bearing on the open Amazon S3 bucket. While brands, birthdates, and other contents in the bucket suggest the owner is a French children’s fashion retailer, there are also references to “Bebeo” throughout. Importantly, the bucket contains critical sitemaps for melijoe.com.

Altogether, melijoe.com’s misconfigured Amazon S3 bucket has exposed almost 2 million files, totalling around 200 GB of data. 

A few files on the bucket exposed hundreds of thousands of logs containing the sensitive data and personally identifiable information (PII) of Melijoe’s customers. These files contained different data sets: Preferences, wishlists, and purchases. There were other file types on the bucket, too, including shipping labels and some data related to melijoe.com’s product inventory.

Melijoe.com sells products to a global customer base and, as such, customers from across the globe have been exposed in the unsecured bucket. Primarily, customers from France, Russia, Germany, the United Kingdom, and the United States are affected.

Safety Detectives:  

You Might Also Read: 

A Short Guide To Building Cloud-Based SaaS Applications:

 

« He's Back: Trump’s New Social Media Platform
Extortion: Most British Firms Pay The Ransom »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

A-SIT Secure Information Technology Center

A-SIT Secure Information Technology Center

A-SIT was founded in 1999 as a registered nonprofit association and is established as a competence center for IT-Security.

e-Crime Bureau

e-Crime Bureau

e-Crime Bureau is a specialized company offering cyber/computer forensics, cyber security consulting services, forensic audit and investigations services and training to clients across Africa.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

AVORD

AVORD

AVORD is a cloud-based security testing platform that allows clients to manage security testing requirements in a far more productive and efficient way.

bluedog Security Monitoring

bluedog Security Monitoring

Sentinel from bluedog provides powerful and affordable internal network monitoring.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Peris.ai

Peris.ai

Peris.ai is a cybersecurity as a service startup that protects businesses and organizations from online threats.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.