Brillen.de: Around 3.5 million customer data records openly online
Data from millions of customers was probably openly available online at brillen.de. They were taken offline without any further information.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
The provider brillen.de has apparently suffered a major data leak. Data from more than 3.5 million European customers, primarily from Germany, Austria and Spain, was apparently freely accessible online.
The medium Cybernews found an Elasticsearch instance of brillen.de on August 8 that did not use authentication. It was apparently a cluster for processing large amounts of data. It contained 2,464,579 data records from Germany, 961,000 from Spain and 90,000 of Austrian origin.
brillen.de data leak: Accessible data
The Elasticsearch cluster reportedly contained the names, addresses, emails, mobile numbers, genders, dates of birth and detailed order information such as invoice amounts, dates and numbers of the company's customers. After the IT researchers reported the incident to brillen.de, the cluster went offline on August 10 without any further response from the company.
Videos by heise
It is not yet clear how long the data was open on the Internet. When search engines come across the open databases, for example, they index the data – which is then available to everyone on the net, Cybernews points out. Cyber criminals are also constantly looking for databases with user data that can be sold lucratively in the digital underground or misused directly for identity theft or targeted phishing.
The incident has not yet been confirmed. The data protection officer of brillen.de had no knowledge of these processes at the time of reporting. The data protection officer of the state of Brandenburg did not immediately respond to our inquiry as to whether they had received a report of a data protection incident. If we receive further information, we will supplement the report accordingly.
Of course, German institutions, organizations and online stores are also under constant attack from cyber criminals. At the end of September, for example, it became clear that disruptions at around 450 German youth hostels at the end of August were due to a ransomware attack. Other supposed data leaks, however, turn out to be false alarms, such as one at classified ads in mid-September.
(dmk)
