Hariexpress – A Brazilian E-Commerce Company – Leaked 1.75 billion Confidential Files

Hariexpress – A Brazilian E-Commerce Company – Leaked 1.75 billion Confidential Files

Hariexpress, a Brazilian e-commerce entity that provides services to several of the country’s major online shopping websites, exposed about 1.75 billion confidential files.

Hariexpress is based in Sao Paulo and integrates different processes into one platform to help businesses with multiple e-commerce stores increase efficiency and operational competence.

Magazine Luiza, Mercado Livre, Amazon, and B2W Digital are among the company’s clientele. The national postal service, Correios, is one of its partners, and it was also affected by the event.

The problem is attributable to a misconfigured and unsecured ElasticSearch server, said the security researcher Anurag Sen of Safety Detectives, who found the leak in July 2021. It contains more than 610GB of exposed data. The researchers noticed that after initial contact, they were unable to re-establish contact with the firm.

Experts confirm that client banking information was not compromised. However, the leak revealed a large amount of personal data, including complete names, business and residential addresses, e-mail addresses, social security numbers, and company registration numbers.

According to Safety Detectives, all sorts of purchase data, including dates, hours, and prices of items sold, as well as copies of invoices and login passwords to the Hariexpress service, were also revealed.

Due to the large number of duplicate e-mail addresses identified in the leaked data, the researchers could not estimate the precise number of individuals affected. However, the breach likely affected thousands of people.

Furthermore, it is impossible to determine whether or not other parties had access to the information. Experts warn that the exposed data set may be abused in phishing and social engineering attacks.

Because of the type of information leaked, other crimes like burglary and extortion cannot be ruled out entirely.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.