BrandBQ owns several retail and fashion brands operating in Eastern Europe.
It appears the exposed database belonged to at least one of these brands' websites, Answear.
The database also included entries from another BrandBQ website, WearMedicine.com.
But rare are these times.
Most often, we need days of investigation before understanding what's at stake or who's leaking the data.
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So, we need to be thorough and make sure everything we find is correct and accurate.
Furthermore, the server was hosted by a company in Poland, where BrandBQ is headquartered.
These revealed any actions taken by a user on the app, along with their PII data.
The number of iOS downloads is unknown.
They also showed internal logs and other resources within the database.
Using this information, hackers and criminal groups could create incredibly convincing phishing emails targeting shoppers on BrandBQ's websites.
With over 700 employees, this is a real risk for BrandBQ.
Such information would be a huge asset for anyone trying to attack BrandBQ or find vulnerabilities in its network to exploit.
The result would be highly targeted, devastating attacks that could cripple the company for years.
Corporate Espionage and Legal Issues
Competitors could also exploit the exposed database and use it against BrandBQ.
To learn about data vulnerabilities in general, read our complete guide to online privacy.
It shows you the many ways cybercriminals target internet users and the steps you could take to stay safe.
They examine each weakness for any data being leaked.
Our team was able to access this database because it was completely unsecured and unencrypted.
BrandBQ was utilizing an Elasticsearch database.
However, BrandBQ failed to follow these practices.
As ethical hackers, we're obliged to inform a company when we discover flaws in their online security.
The purpose of this web mapping project is to help make the internet safer for all users.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
This includes an enormous leak exposing the data of over 1 million American students.
You may also want to read our VPN Leak Report and Data Privacy Stats Report.