It looks like Verlo Mattress Factory forgot to leave off the last “S” for security: A security researcher has come across an open Elastic database set containing 387,000 records associated with customers of Verlo Mattress Factory.
Jeremiah Fowler, senior security researcher with SecurityDiscovery.com, reported that on September 5 he discovered the non-password-protected database, which held 387,604 records exposing names, phone numbers, emails, home addresses, and billing addresses. Additionally, login credentials with hashed passwords for internal users were in the folder, along with IP addresses, ports, pathways, and storage info that cybercriminals could exploit to gain deeper access into the network.
Fowler attempted to contact Verlo multiple times, but received no response. However, the database was locked up shortly after his initial notification to the company.
“It would have been nice to know if this was indeed a single franchise dataset or more? Who managed it? Was it the corporate office or the franchise that was responsible?” he wrote.
Verlo has 36 locations in Wisconsin, Illinois, Colorado, Iowa, Georgia, and Missouri.