1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Top collectibles site leaks personal data of nearly a million use

    From TechnologyDaily@1337:1/100 to All on Thursday, March 20, 2025 17:15:09
    Top collectibles site leaks personal data of nearly a million users

    Date:
    Thu, 20 Mar 2025 17:04:00 +0000

    Description:
    Cybernews found a non-password-protected database containing Collectibles.com user names, addresses, and more.

    FULL STORY ======================================================================Cybernew s found an Elasticsearch instance with 870,000 unique records They were generated by Collectibles.com, a major collectible cards marketplace The database was locked ten days later

    Collectibles.com, a major collectible cards marketplace, has been leaking sensitive information on hundreds of thousands of users, exposing them to
    risk of identity theft, wire fraud, phishing, and more, experts have claimed.

    This is according to the research team from Cybernews , who recently discovered, and reported, a non-password-protected Elasticsearch instance.

    The team found a 300GB cluster of valuable user data, counting more than 870,000 records, each representing a different person, noting how, The exposure of user details and transaction histories poses a significant security risk, potentially enabling identity theft, targeted fraud, and account takeovers." Working around security solutions

    Formerly known as Cardbase, Collectibles.com, is an online marketplace and management platform for collectors, allowing users to track, buy, and sell various collectibles, including trading cards, comics, and memorabilia. In a 2024 press release, the company claimed to have roughly 300,000 users.

    The data Collectibles.com was leaking includes peoples full names, their
    email addresses, profile picture links, other user account details, collectible card sales, and transactional data.

    Cybernews reached out to the company to report their findings, but besides
    an automated response, the company did not acknowledge the data leak, they said.

    The instance was closed ten days later, although we dont know for how long it remained open before being discovered. We also dont know if any malicious actors discovered it before Cybernews , and possibly even used the data in phishing.

    Exposed databases remain one of the key causes of data leaks. Many organizations hoard sensitive customer data in a cloud database, some of
    which dont understand that with cloud, security is a shared responsibility.

    Security researchers and cybercriminals alike can use tools like Shodan or Elasticsearch to find these databases and use the information found there to run all kinds of scams. You might also like Massive online data breach sees 2.7 billion records leaked - here's what we know We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/top-collectibles-site-leaks-personal-da ta-of-nearly-a-million-users


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)