Categories: Ad Guardian PlusNews

Over 1TB of customer data leaked

Vpnmentor discovered over 1TB of customer data leaked from a huge online retailer.  Researchers found the breach in the security of LigthInTheBox – a Chinese online retailer with a significant North American fan base.

Researchers managed to gain access to a database containing over 1 TB of customers data, meaning daily logs. These total up over 1.5 billion records.

The leak compromised the security of customers all around the world. Also, researchers accessed data from subsidiary sites, such as MiniInTheBox.com.

“Our team was able to access this database because it was completely unsecured and unencrypted,” researchers mentioned.

Vpnmentor notified the vendor of the breach on November 24. The owner closed it shortly after, although it did not reply.

LightInTheBox sells clothing, different items for the home and garden, but also clothing, accessories and gadgets. Most of the 12 million monthly visitors are based in North America and Europe.

Although it closed the breach, the company has not provided any specific details about their data security and storage practices. Also, it has not made public any of the measures they may take to protect their customers’ data.

“The data breach affected customers around the world, with entries from many of their international sites, and in numerous languages,” Vpnmentor researchers rote.

Additional risks

The security specialists disclosed that the over 1TB of customer data leak exposed email addresses, users’ IP addresses, countries of residence, and the destination pages. Also, the recordings of the online activity of users on the vendor’s website.

“This data breach represents a major lapse in LightInTheBox’s data security. While this data leak doesn’t expose critical user data, some basic security measures were not taken,” mentioned researchers.

Also, they warned that a leak of this nature could put customers at risk. They could become the victims of crimes far more disturbing than online fraud.

“With a website user’s IP address, we were able to identify their city of residence. If a criminal hacker had access to this, along with the other data exposed, they could trick a victim into revealing their home address, and target them for theft and home robbery,” researchers warned.

Laurentiu Titei

Recent Posts

How to Change My Default Browser on Windows 11 and 10

Windows ships with Edge as the default browser. However, that does not mean you have…

6 hours ago

5 Best VPN for Binance in 2026 (Free and Paid)

Binance, a popular cryptocurrency exchange platform, is unavailable or restricted in regions such as the…

1 day ago

Best Free VPN for Spotify in 2026 [Access Spotify]

It may come as a surprise, but Spotify is available in over 184 markets. In…

2 days ago

Fix Surface Pro 3 – White Spots on Screen Issue

The other day, we noticed white spots on the screen. For us, a computer screen…

3 days ago

How to Find the Epson L380 Driver for Windows System

Epson is a renowned name in the printer industry, known for its world-class yet cost-efficient printers, Epson…

4 days ago

Solved: Application Unable to Start Correctly 0xc0000142 Error

The “application unable to start correctly” 0xc0000142 error code is a problem for many Microsoft…

4 days ago