- An online bookstore in Mexico has exposed the same customer data for the second time in a few months.
- The company didn’t even clear the ransom warning messages that hit them the last time.
- The database has been secured now, but the exposed customers should reset their credentials.
Researcher Bob Diachenko has discovered three accessible and unprotected MongoDB instances belonging to the popular Mexican online bookstore “Librería Porrúa”. This is the second time that the same entity spills the beans over a period of three months, as they did the same think back in July 2019, exposing about 2.1 million records that included 960k customer profiles. That incident was discovered by Diachenko again, while the contents of the database were wiped by hackers who locked it down and demanded the payment of a ransom.
As it seems, the Mexican bookstore wasn’t shaken by this event, and they moved on to creating a new database to work with. Apparently, they left it exposed by not setting up a password again, and they have copied the ransom notices which were asking for a ransom of 0.05 Bitcoin from the previous event. The customer information that was exposed for a second time includes the full names of the clients, their physical addresses, their email addresses, their phone numbers, and their authorization tokens for accessing the online bookstore.
This time, the records that concern customer profiles are just over a million, so the new database contains about 61k more entries than the last time. The deduction from this is that the database is a live production one, used by Librería Porrúa for their online sales. The difference this time was the time taken for the bookstore to answer to Diachenko’s notification, as it only took them 24 hours to secure the database. Still, it’s almost comical that they managed to blunder again in such a short period of time.
Librería Porrúa is a historic entity in Mexico, selling and publishing books since 1910. Today, they operate more than 60 commercial libraries throughout the country, so they are renown and trustworthy retailer. As these recent events prove, however, no one can be trusted, especially companies who have back to back failures in protecting not only their client data but also their own technical infrastructure. For those of you who have bought a book from the particular online bookstore, you should reset your credentials immediately. Librería Porrúa is unlikely to send notifications or publish an official warning about the incident, as they didn’t do that last time either.