Skip to main content

Unprotected database leaves millions of sales records exposed; eBay, Shopify, and Paypal users be aware

Unprotected database leaves millions of sales records exposed; eBay, Shopify, and Paypal users be aware
(Image credit: Shutterstock)

A database containing millions of shoppers' personal information was left exposed, online, without any password protection by a software vendor used by smaller retailers in the European Union. 

The website Comparitech first reported the information leak. According to the source, the software vendor's app pulled sales records from payment systems like those of Amazon UK, eBay, Shopify, PayPal, and Stripe. About half of the data exposed came from Amazon UK and eBay. Those sales records included information like customer names, email addresses, shipping addresses, purchases, and the last four digits of credit card numbers, among other types of data. 

Then, the database, made up of almost 8 million sales records, was published on the web. It was made available on search engines, and anyone was able to access that information without a password. 

Shoppers' personal data was reportedly exposed for five days before it was shut down. 

Why did this happen?

Shoppers may ask themselves why this third-party app had access to their information to begin with. The vendor's app was meant to pull sales records from Amazon UK and others in order to calculate value-added taxes for different EU countries.

What does this mean for online shoppers?

Shoppers who have used Amazon UK, PayPal, and other affected organizations should be wary. Their information was made public for five days, which means that there is a chance that anyone could have used that data or sold it to scammers or cyber criminals. 

So you've shopped online using one of these services. What do you do now? To stay in-the-know about how at-risk you are, opt for one of the best identity theft protection services and the best computer protection software. Even if you haven't used the services listed by Comparitech, it's a good idea to choose one of these services, which can identify a data breach early on and send you an alert so you can take the right steps to protect your identity before it's too late. Alternatively, you can opt for one of the best background check services through which you can monitor your reputation online for possibly a lower cost. 

If you're not sure if you should pay to protect yourself, there are steps you can take right now to decrease the odds that your identity will be stolen. You can enable two-factor authentication, strengthen your passwords, and search for forgotten online accounts, among other ways.