Office Depot Europe Exposed One Million Customer Records Online

  • Just under a million European customer records of Office Depot were leaked online.
  • The firm failed to properly secure a production server that exposed its network too.
  • It is likely that a hacker had already found a way into the corporate network before the discovery of the database.

The latest Elasticsearch database tumble comes from Office Depot Europe, who, according to a report shared by researcher Jeremiah Fowler, failed to protect a “live” production server. The researcher and his team found the accessible data on March 3, 2021, and immediately sent a disclosure notice to Office Depot.

The firm secured it within hours, and two days later, they thanked the reporters. Although the response was quick, the data may have stayed online and accessible by anyone for long enough to be exfiltrated by malicious actors.

In total, Fowler was able to access 974,050 records which included the following types of data:

  • Names
  • Phone numbers
  • Physical addresses (home and/or office)
  • @members.ebay addresses
  • Hashed passwords
  • SSH Login information
  • Dashboard and user group logs
  • Hostnames, IP addresses, and pathways
  • Middleware details
Source: WebsitePlanet.com

All in all, the data exposed both Office Depot customers and also the firm itself to the dangers of hacking and corporate network compromise. Unfortunately, most of the customer-exposing records were in plain text form, apart only from the passwords maybe.

Source: WebsitePlanet.com

As Fowler explained in his message to TechNadu, Office Depot made a peculiar announcement about a week prior to discovering the data, mentioning a malware infection that would cost them €20 million. This is matching the maximum amount of GDPR fines, so it’s possible that the firm was already dealing with an intruder who found his way in thanks to key details that were left exposed on the unprotected database.

The PII data contained in the exposed set has several references to German citizens, and so an investigation launched by the German data protection officer should be considered a given now. Also, if Office Depot failed to inform the authorities within 72 hours after the discovery of the data breach, as obliged by the regulation, additional fines may be imposed.

If you are a customer of Office Depot, you should first contact the firm and ask for details about the breach and how it affects you. Additionally, since phone numbers are included in the leak, you should be aware of the possibility of smishing - and generally tricky calls from scammers. The physical addresses also make post phishing likely, even though that’s seldom something that crooks bother with.

REVIEW OVERVIEW

Latest

How to Watch Washington Wizards Games Online Without Cable

The Washington Wizards have been the surprise package of the NBA season so far, exciting fans all over the world with their...

How to Watch Philadelphia 76ers vs. Boston Celtics: Live Stream, Start Time, TV Channel, Odds, Predictions

The NBA regular season continues on Wednesday evening, with the Boston Celtics hosting the Philadelphia 76ers at the world-famous TD Garden in...

How to Watch Sacramento Kings vs. Los Angeles Clippers: Live Stream, Start Time, TV Channel, Odds, Predictions

The Los Angeles Clippers will be looking to return to winning ways as they battle it out against the Sacramento Kings in...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari