A major data leak has hit Brillen.de, a popular online seller of glasses and visual aids. Due to a configuration error, private data of more than 3.5 million users became freely available on the web. The exposed information includes names, addresses, emails, phone numbers, and even birth dates, affecting customers from Germany, Austria, and Spain.
Exposed data found by security experts
The leak was discovered by security experts in August 2024. They found an unprotected Elasticsearch cluster linked to Brillen.de. Elasticsearch is a search and analytics engine designed for querying large data sets, but this instance had no authentication or access control in place. This allowed anyone on the web to read the database without limits.
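The failure described above is a cluster reachable from the internet with security disabled. The following `elasticsearch.yml` fragments are an added illustration, not a configuration taken from Brillen.de or from the report; they contrast the weak settings with a hardened baseline, and the certificate paths are placeholders.

```yaml
# --- WEAK: the pattern behind this kind of exposure (illustrative, not Brillen.de's config) ---
# Listening on every interface makes the node reachable from outside the host/network.
network.host: 0.0.0.0
http.port: 9200
# With security off, every index can be read by anyone who can reach port 9200.
# Before Elasticsearch 8.x this was the default for many installations.
xpack.security.enabled: false

# --- HARDENED: defensive baseline for the same node ---
# Bind only to the internal interface that application servers actually use.
network.host: 10.0.0.12            # constructed private address, replace with yours
http.port: 9200
# Require authentication for every request (built-in users, API keys or realms).
xpack.security.enabled: true
# Encrypt client traffic so credentials are never sent in clear text.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12      # placeholder path
# Encrypt node-to-node traffic as well.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/transport.p12   # placeholder path
xpack.security.transport.ssl.truststore.path: certs/transport.p12 # placeholder path
```

A quick self-check after applying the hardened settings: an unauthenticated `GET /` against the node must return HTTP 401, and a firewall or security group should still block port 9200 from anything outside the application network.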
The leaked data included almost 2.5 million records from Germany, one million from Spain, and 90,000 from Austria. Beyond personal details, order records were also visible. These included invoice numbers, order dates, and total amounts, posing serious privacy risks for users.
Brillen.de responds but stays quiet
Once alerted, Brillen.de acted quickly and shut off access to the data within two days. However, the company has not made any public comment since the incident.
Even the firm’s data officer did not seem aware of the leak at the time of discovery. The local data authority in Brandenburg has also not received any formal notice of the breach. This raises questions about the company’s response and communication practices.
Risks for affected users
It is unclear how long the data remained unprotected online. Experts warn that even after a breach is fixed, search engines can retain cached copies of the exposed data, keeping it accessible to bad actors.
Users affected by this leak now face higher risks of identity theft and phishing scams. With both personal and purchase details available, scammers could send highly convincing emails or texts to trick customers into sharing more data or money.
The data leak at Brillen.de shows the dangers of poor online security. This breach exposes millions of users to scams and fraud, and the lack of clear communication from the company adds to the concern. Users are urged to be cautious of any suspicious messages and keep an eye on their accounts for unusual activity.