Ecco, a global shoe manufacturer, and retailer exposed millions of documents.
The server misconfiguration’s severity left the company open to an attack that could affect customers all over the world.
Ecco left 50 indices exposed to the public, with over 60GB of data accessible since June 2021.
Millions of sensitive documents, from sales to system information, were accessible.
Anyone with access could have viewed, edited, copied and stolen, or deleted the data.
Source: https://securityaffairs.co/139885/data-breach/shoemaker-ecco-data-leaks.html
TPRM report: https://scoringcyber.rankiteo.com/company/eccointl
"id": "ecc14922123",
"linkid": "eccointl",
"type": "Breach",
"date": "12/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': ['Worldwide'],
'industry': 'Shoe Manufacturing',
'location': 'Global',
'name': 'Ecco',
'type': 'Retailer'}],
'attack_vector': 'Server Misconfiguration',
'data_breach': {'number_of_records_exposed': ['Millions of documents'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Sales Information',
'System Information']},
'description': 'Ecco, a global shoe manufacturer, and retailer exposed '
'millions of documents due to a server misconfiguration, '
'leaving the company open to potential attacks affecting '
'customers worldwide.',
'impact': {'data_compromised': ['Sales Information', 'System Information']},
'post_incident_analysis': {'root_causes': 'Server Misconfiguration'},
'title': 'Ecco Data Exposure Incident',
'type': 'Data Exposure',
'vulnerability_exploited': 'Publicly Accessible Server'}