New cybersecurity concerns have arisen after a security researcher made an alarming discovery: millions of records lying exposed on the internet, pertaining to Chinese citizens who shopped on a specific e-commerce site.
CloudDefense.AI made the finding recently. Our cybersecurity researcher, Viktor Markopoulos, reported the issue. He added that the data came from a database belonging to a Chinese e-commerce site named Zhefengle, which provided import services to its clients.
Immediate Actions Taken
Shortly after the discovery, the e-commerce site was contacted with the details of its breach, and the database was made inaccessible from the internet. A C-level executive from the site responded that they have mitigated the vulnerability and are currently conducting an internal audit to determine the cause of the exposure.
Viktor also mentioned that the database was not password-protected and contained approximately 3.3 million orders placed on the site. The records included the addresses where the orders were shipped, the personal phone numbers, and the Chinese resident identity card numbers of the respective customers.
As verified by him, almost all online import service providers in China require their customers to upload pictures of their identity card numbers to their platforms before their orders are processed.
Duration of Exposure
As reported on TechCrunch, we have not determined how long the database was available on the internet, but we have established that it contains orders from 2015 up to 2020. Because it was unprotected, anyone connected to the internet could access the database simply through a browser.
Though the damage done is still unknown, the exposure raises concerns about identity theft and other probable malicious activities carried out by threat actors.
Learning from this Incident
This data breach stands as a lesson for companies worldwide that data security cannot be taken lightly. In his study of the case, Viktor strongly emphasizes the importance of password protection and other authentication methods.
Encrypting data and storing it only on personal servers is just as necessary, so that the data cannot be decoded even if it is exposed. Viktor went on to say that the exposure wouldn’t have taken place if the company had kept the database secured behind a VPN and a firewall.
How CloudDefense.AI can help you to stay protected
CloudDefense.AI strives to save its clients from such data breaches. Our top-of-the-market CNAPP ensures cloud security is not compromised as we help enterprises implement access controls, identity management, and other user authentication methods.
We excel in providing you with application security tools that ensure security is maintained throughout the development cycle, keeping vulnerabilities as low as possible. That’s not all; we provide an unfair advantage over cyberattackers as you identify exposable vulnerabilities through our game-changing Hacker’s View™ capabilities, outsmarting any cloud security tool on the market.
In summary, CloudDefense.AI’s Viktor Markopoulos has done an outstanding job by discovering a major cybersecurity breach at an e-commerce site named Zhefengle that left nearly 3.3 million citizens exposed to identity theft. Zhefengle, once notified, took its database off the internet. This incident serves as a crucial lesson for all companies on the importance of data security.