Genius is an app-based cash register that integrates many different processes to help small shop owners.

The database in question is mostly related to payments made via the app.

If malicious hackers had discovered this database, the consequences could be devastating for those exposed.

Report: French Postal Service App Exposes Small Business Owners in Data Leak

Their operations include insurance, banking, webmail hosting, and many more services for private citizens.

The company also offers services for small-to-medium businesses (SMBs) in France.

These include Genius, the cash register app.

Financial data leaked

But rare are these times.

We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research or playing down its impact.

The database was closed almost three weeks after our first contact with the French CNIL.

For example, “10150” = 101.50.

Aside from exposing client users of their app, the database also inadvertently made employees of La Poste vulnerable.

This was most likely due to the affected employees testing the app in-house.

La Poste even acknowledges GDPR, though not by name, in their Terms of Service.

The leak also created a potentially more traumatic physical danger for the shop owners.

Business and employee data compromised

Lastly, Genius users could be vulnerable to dishonest actions by competitors.

With access to sales and pricing data analytics, a competitor could undermine the user with competing offers.

This may further drive customers away from an exposed Genius user.

PII exposed

“Hopefully, they will fulfill this obligation and inform any party affected by the leak.

Our researchers use port scanning to examine particular IP blocks and test open holes in systems for weaknesses.

They examine each hole for data being leaked.

Payment data leak

We then alert the company to the breach.

La Poste uses an Elasticsearch database, which is ordinarily not designed for URL use.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security.

This is especially true when the company's data breach contains such private information.

These ethics also mean we carry a responsibility to the public.

Genius users must be aware of how a data leak impacts them also.

About Us and Previous Reports

vpnMentor is the world’s largest VPN review website.

You may also want to read our VPN Leak Report and Data Privacy Stats Report.

[Publication date: 11.12.2019]
