The ElasticSearch server and its vulnerability were discovered during a routine check of IP addresses on particular ports.
We tried to reach out to windeln.de, but nobody ever got back to us.
We then contacted the German CERT, so they could inform the company about the data leak.
User detail with hashed password
A few days later, the server was secured.
Who is windeln.de?
The company also operates a large cross-border e-commerce business between Europe and China.
The parent company claims to serve around 700,000 customers with 40 distinct brands in 7 countries.
In 2019, windeln.de generated revenues of 82 million and is currently publicly listed on the Frankfurt stock exchange.
What was leaked?
Record of Bebitus account tokens
In total, the database contained more than 6 billion records.
Records showed full names, dates of birth and gender information.
One of the biggest dangers, in this particular case, is the personal impact on users.
The threat of identity theft and fraud is persistent when private data is unsecured and unencrypted.
About Us
SafetyDetectives.com is the world's largest antivirus review website.
Published on: Sep 15, 2020