A publicly viewable GitHub repository of Adafruit resulted in unauthorized access to, and a leak of, some of its user data.
The exposed data included names, email addresses, shipping/billing addresses, order details, and order placement status via payment processor or PayPal.
Adafruit immediately worked with the former employee, deleted the relevant GitHub repository, and investigated the incident.
TPRM report: https://scoringcyber.rankiteo.com/company/adafruit
{
  "id": "ada13627422",
  "linkid": "adafruit",
  "type": "Breach",
  "date": "03/2022",
  "severity": "80",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'industry': 'E-commerce',
                        'name': 'Adafruit',
                        'type': 'Company'}],
 'attack_vector': 'Publicly-viewable GitHub repository',
 'data_breach': {'personally_identifiable_information': ['names',
                                                         'email addresses',
                                                         'shipping/billing addresses'],
                 'type_of_data_compromised': ['names',
                                              'email addresses',
                                              'shipping/billing addresses',
                                              'order details',
                                              'order placement status via payment processor or PayPal']},
 'description': 'A publicly-viewable GitHub repository of Adafruit resulted in unauthorized access and data leak of some of its user data.',
 'impact': {'data_compromised': ['names',
                                 'email addresses',
                                 'shipping/billing addresses',
                                 'order details',
                                 'order placement status via payment processor or PayPal']},
 'response': {'containment_measures': ['Deleted the relevant GitHub repository'],
              'remediation_measures': ['Investigated the incident']},
 'title': 'Adafruit GitHub Data Leak',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Misconfigured GitHub repository'}