Walmart jewelry partner exposed 1.3 million customer details

Bob Diachenko writes:

On February 6^th, 2018 researchers at Kromtech security came across another publicly accessible Amazon s3 bucket. This one contained a MSSQL database backup, which was found to hold the personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, ip addresses, and, most shockingly, plain text passwords, for shopping accounts of over 1.3 million people (1,314,193 to be exact) throughout the US and Canada.

At first glance the data appeared to belong to Walmart as the storage bucket was named ‘walmartsql‘, but upon further investigation by Kromtech researchers it was discovered that the MSSQL database backup inside actually belonged to MBM Company Inc., a jewelry company based in Chicago, IL, which operates mainly under the name Limogés Jewelry.

ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Toys “R” Us Canada customers notified of breach of personal information
Gatineau gymnastics centre warns members of possible data breach
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
Hotel and Casino near Las Vegas Strip suffers data breach, documents say

Related: