The data leak was discovered by VPNmentor in late November, data in the archive
“A massive database, it contained over 1 terabyte of daily logs and compromised the security of LightInTheBox customers across the globe.”
The unsecured Elasticsearch installs contained over 1.3 TB of data, totaling over 1.5 billion records, it also included data from their subsidiary sites such as MiniInTheBox.com.
vpnMentor researchers pointed out that the security measures implemented by the retailer were insufficient.
The web server log contained activities related to the site dating from 9th of August 2019 to 11th of October.
Exposed data included email addresses, IP addresses, countries of residence and pages each visitor visited on LightInTheBox’s website.
Experts warn of possible phishing attacks that could be launched by crooks that had access to users’ email addresses and their browsing history.
Below the timeline of the discovery:
“This data breach represents a major lapse in LighInTheBox’s data security. While this data leak doesn’t expose critical user data, some basic security measures were not taken. This is a time of the year with a lot of online shopping: Black Friday, Cyber Monday, Christmas. Even a large leak with no
“By exposing their data, LightInTheBox risks further loss of business that could negatively impact future revenues.”
(SecurityAffairs – Iran, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.