Chinese e-Commerce Site Data Breach

Security Checkers Security

Data breach affecting 1.3TB of Chinese e-commerce website LightInTheBox.com has been uncovered.

Chinese e-commerce website LightInTheBox.com has been targeted by hackers in late November, two researchers have confirmed. The breach, which took place in late November and affected 1.3TB of the server’s log entries. was discovered by VPNmentor’s research team. It compromised user email and IP addresses, countries of residence and pages each visitor viewed on the website.

Noam Rotem and Ran Locar, which are part of VPNmentor’s research team, noted that the data was “unsecured and unencrypted” and can be accessed from an ordinary web browser. They added that the information was held on an Elasticsearch database, which “is ordinarily not designed for URL use.”

The two researchers added: “The database [we found] was a web server log – a history of page requests and user activity on the site dating from 9th of August 2019 to 11th of October,” 

LightInTheBox.com, which does not give obvious hints that it is based in China, is an online retailer selling small accessories, clothing and gadgets.