A US online pet store has exposed the details of more than 110,400 credit cards used to make purchases through its website, researchers have found.
In a stunning show of poor security, the Austin, Texas-based company FuturePets.com exposed its entire customer database, including names, postal and email addresses, phone numbers, credit card information, and plain-text passwords.
Several customers that we reached out to confirmed some of their information when it was provided by ZDNet, but they did not want to be named.
The database was exposed because of the company’s own insecure server and use of “rsync,” a common protocol used for synchronizing copies of files between two different computers, which wasn’t protected with a password.
Researchers at the Kromtech Security Research Center found the database in November. But after numerous efforts to contact the company by phone and email, the database was only secured this week.
It’s not clear who’s to blame for the breach.
