Collectibles.com, formerly known as Cardbase, has accidentally exposed the sensitive information of nearly 900,000 users. The leaked data included full names, email addresses, transaction history, and trading card sales details, which significantly increases the risk of fraud and identity theft.

Cybersecurity experts discovered an unsecured Elasticsearch server containing nearly 300GB of personal information from Collectibles.com users. The database contained transaction records, profile data, and images. Attackers could use this information for identity theft, financial fraud, and targeted attacks.
Despite being alerted to the issue, the company has made no official comment. However, after researchers contacted it, access to the database was suspended. There is no confirmed information that the data has fallen into the hands of cybercriminals, but the database was openly accessible for 10 days, which increases the risk.
Data leaks of this scale occur regularly due to weak server security. Elasticsearch is a powerful tool for processing large amounts of information, but an incorrectly configured instance can leave the database vulnerable and publicly accessible. Similar leaks have already caused significant reputational and financial losses for other companies.
Negligence in data security can have serious consequences for companies and their users. Experts recommend using two-factor authentication, being careful with phishing messages, and monitoring your account activity.