pull down to refresh

Data leak at Editorialist affects thousands of shopperscybernews.com/privacy/editorialist-data-leak/
0 sats \ 0 comments \ @slightingslot 22 Mar security
The luxury fashion shopping platform Editorialist has been leaking user data for months.
Editorialist.com, formerly Project YX, is an e-commerce platform for luxury fashion that also features personal styling advice to boost sales.
On September 26th, 2023, the Cybernews research team discovered an exposed cloud storage (namely, an Amazon S3 bucket) that, considering the sensitive data it contained, most likely wasn’t meant to be accessible to the public.
The storage, seemingly left open accidentally via a misconfiguration, belongs to Editorialist.com and contains over 7,000 client invoices with Editorialist.com clients’ names, addresses, and descriptions of shopping items.
It also contains 316 spreadsheets (XLSX/CSV files) under the “credit card sheets” folder and exposes the following information:
  • User ID
  • First and last name
  • Card name and type
  • The last four payment card digits
  • Card expiration date
  • Cardholder’s email
  • And local amount, among other information.
write
preview
related posts