Two cashback sites leaked data of 3.5 million users
Al Restar writes:
Two popular cashback services have leaked nearly two terabytes worth of personally identifiable information (PII) and account data in an unprotected Elastic database. The two cashback websites have been operating mostly in the United Kingdom and India.
Cybersecurity experts from the Security Detectives (sic) Research team discovered an unprotected Elasticsearch database containing at least two terabytes worth of PII and account information of Pouringpounds.com and Cashkaro.com.
The two sister sites are operating in the U.K. and India, and are both owned by Pouring Pounds Ltd. The leak has affected approximately 3.5 million individuals.
Read more on Z6 Magazine.
Note: The firm is Safety Detectives, and senior researcher Anurag Sen (@hak1mlukha on Twitter) pointed out that the surprising element was that passwords were all in plaintext. I guess we shouldn’t be surprised by such lack of security any more.