Founded in 2007, LightInTheBox ships internationally, with most of its customers in North America and Europe.
But such times are rare.
Understanding a breach and its impact takes time and careful attention.
We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research or playing down its impact.
So, we need to be thorough and double-check that everything we find is correct and true.
While we didn’t receive a reply from the company, the database breach was closed shortly after.
Based on our team’s discovery, the measures they were taking were insufficient.
The breached database contained over 1.3TB of data, totaling over 1.5 billion records.
Data Breach Impact
The data breach signifies a significant failure in LightInTheBox’s data security protocols.
Despite the data leak not revealing crucial user information, some fundamental security precautions were not observed.
By exposing their data, LightInTheBox risks further loss of business that could negatively impact future revenues.
With access to user emails, cybercriminals could create convincing phishing campaigns with emails imitating LightInTheBox.
There is also a physical danger.
With a website user’s IP address, we were able to identify their city of residence.
Our researchers use port scanning to examine particular IP blocks and test open holes in systems for weaknesses.
They examine each hole for data being leaked.
When they find a data breach, they use expert techniques to verify the database’s identity.
We then alert the company to the breach.
The company uses an Elasticsearch database, which is typically not designed for URL use.
As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security.
This is especially true when the company’s data breach contains such private information.
However, these ethics also mean we carry a responsibility to the public.
LightInTheBox customers must be aware of a data breach that impacts them also.
About Us and Previous Reports
vpnMentor is the world’s largest VPN review website.
We also recently revealed that a company owned by major hotel chain AccorHotels exposed over 1TB of guests' data.
You may also want to read our VPN Leak Report and Data Privacy Stats Report.
[Publication date: 16.12.2019]