As reported by Cybernews lately, Bengaluru-based popular food delivery service platform FreshMenu has exposed over 3.5 million order details along with sensitive customer information including phone numbers, Emails, Names, Billing and Shipping addresses, and IP addresses.
According to the report, the Cybernews research team claims that a 26 GB strong MongoDB database containing the data was not secured with a password – making it vulnerable to public exposure.
Though the database wasn’t exposed for more than 2-3 days period, it takes only a few seconds for the threat actors to dump discovered open sets of data using automation, and companies need to make sure that sensitive information is always hidden from the public eye.
On December 14, Cybernews sent out a note regarding the data leak to FreshMenu and also requested an on-the-record comment but received no reply – noting that the database is now secured.
“The exposed data provides threat actors with the potential to engage in identity theft, phishing attacks, and targeted scams. The comprehensive nature of the leaked information could enable malicious actors to exploit customer vulnerabilities, compromise privacy, and potentially perpetrate fraudulent activities,” says the Cybernews research team