ORIGINAL STORY [1:14 PM]: You may not have heard of the name StoreHub, but you may have made use of its software at some point in time. The company provides point of sale (POS) software to over 1500 businesses, including retail shops and restaurants. But a report by cybersecurity publishing group SafetyDetectives claims that it may have left the personal data of about a million people exposed. According to the report, the vulnerability was discovered all the way back in January. This left over 1TB of data, including 1.7 billion records and the aforementioned personal information of a million people, at risk. More specifically, the data can be divided into two categories: data of businesses using StoreHub, and data of said business’ customers. Personally identifiable information among the data include people’s full names, phone numbers, physical and email addresses, as well as type of device used. In a statement to The Star, StoreHub said that “the vulnerability was patched and resolved” on the same day the company was informed by AWS. Though this notification reportedly came on 3 February via email, which doesn’t quite match up with mentioned timeline provided by SafetyDetectives. At any rate, this is one more incident of people’s personal data being either exposed or leaked outright. Just within the last month, there have been two other instances. One was the exposure of employee data under PIKAS. The other was the data set containing personal information of about 22.5 million Malaysians. The Ministry of Home Affairs has since denied that the latter came from the national registration department (JPN). (Source: SafetyDetective, The Star via Amanz)
