Walmart Jewelry Vendor Exposes Information for 1.3 Million

MBM Company, a Walmart jewelry partner operating under the name Limoges Jewelry, left exposed the personal information and passwords of over 1.3 million customers in an Amazon (S3) Simple Storage Service bucket. The database also had records with information about other retailers, including HSN, Amazon, Overstock, Sears, Kmart and Target.

A security research center found the publicly accessible bucket in February 2016 with names, addresses, phone numbers, emails, IP addresses and plain text passwords. Evidence found suggests that the information was available from at least January 13, 2018. The name of the storage bucket was walmartsql.

There were records ranging from 200 until early 2018. The database contained other information, such as encrypted credit card details, item orders, payment details and MBM mailing lists.

There was no evidence left behind intentionally that the information had been accessed.