Oops, I had missed this one last week. Sergiu Gatlan reported:
An unprotected Elasticsearch cluster found via a Shodan search exposed 37,900 records of Kool King Shop customers, a French online shop specifically tailored to be used by kids who bought Burger King menus.
As Security Discovery researcher Bob Diachenko discovered after further investigation, the data was leaked because the database storing it was misconfigured, allowing anyone with an Internet connection and the knowledge to find it to get to the records stored within.
[…]
The 37,900 Kool King Shop member records contained personally identifiable information (PII) such as “emails, passwords (access to the portal), names, phones, DOB, voucher codes, links to the externally stored certificates, etc.”
Read more on BleepingComputer.