First it was Megafon leaking SMS history and having it indexed on Yandex’s search engine. Now there’s a bigger breach. Natalya Krainova of The Moscow Times reports:
A third Internet leak in just a week has exposed the private shopping habits of people at more than 80 online stores, including those selling model cars, perfume and sex toys.
The leak was first reported by Internet security company Informzashchita, which e-mailed instructions on how to find data about shop orders in a Yandex search engine cache to several media outlets.
A Yandex query had to be formulated with complex search syntax to display the private data, all but ruling out that a casual web surfer could stumble upon the information. But simple queries entered into four other search engines — Google, Bing, Mail.ru and Rambler — also led to cached pages with order data.
Most orders appeared quite innocent, ranging from perfume to model cars. Some of the racier purchases appeared to have been erased by the search engines Tuesday afternoon. Still among the results were orders at the sex store Sexyz.ru, including a male customer’s purchase of lace lingerie.
Yandex in an e-mailed statement blamed poor security at the Internet shops for the leak. Of the other search engines, only Bing’s owner, Microsoft, commented, also saying that all search engines only indexed online information not marked as private, Vedomosti reportedon its web site.
More than 80 online shops were affected by the leak, the Federal Mass Media Inspection Service said in a statement, adding that information on shops with poor online security measures would be forwarded to prosecutors.
Read more on The Moscow Times. Looking at the cached page of results, it seems that names, email addresses, IP addresses from which order was placed, as well as date of order and type of order were exposed. I don’t see any credit card numbers on quick perusal as most payments seem to be cash or COD.
h/t, MediaPost