Malaysian software provider leaked 1 million customers' data

Almost a million customer records were exposed on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub.

Cybersecurity experts said they found a StoreHub sever that stored unencrypted data and was not password protected. The cybersecurity firm’s researchers were therefore able to waltz in and access 1.7 billion records describing the affairs of nearly a million people, in a trove totalling over a terabyte.

StoreHub’s wares offer point of sale and online ordering, and the vendor therefore stores data about businesses that run its product and individual buyers’ activities.

Among the exposed data were:

StoreHub has now engaged a security consultancy to "verify and prevent future potential vulnerabilities" and has pledged to do much better in future.

In the same time, the principal stock exchange in Uganda, the Uganda Securities Exchange, has been caught leaking highly sensitive financial and sensitive data of its customers and business entities across the globe.