Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users

Few people are familiar with the Chicago-based MBM Company, Inc, but perhaps you might be familiar with its jewelry brand Limogés Jewelry. This firm sells cut-price trinkets through its website to customers across the US and Canada. Researchers from German security firm Kromtech Security allege that until recently, MBM Company was improperly handling customer details. On February 6, they identified an unsecured Amazon S3 storage bucket, containing a MSSQL database backup file. According to Kromtech Security’s head of communications, Bob Diachenko, further analysis of the file revealed it held the personal information for over 1.3 million people. This includes addresses,…

This story continues at The Next Web
The Next Web