Social Commerce Website Trustanduse Exposed Half A Million Users
Data of around 439,000 users including many businesses were exposed due to security loopholes on the social media marketplace trustanduse.com.
The 855GB database of Trustanduse unintentionally leaked on June 21 and kept exposing users’ personal and professional information for at least six months. Around 439,000 users’ sensitive data was leaked, including usernames, full names, encrypted hashed passwords, phone numbers, and Facebook IDs.
Trustanduse.com is a consumer review platform based in Athens and was founded in 2016. Consumers use this platform to rate products, services, businesses, and stores. The website was also renowned for providing offers and discounts on products.
The researchers ensure that “Credential stuffing attacks, when perpetrators use stolen account credentials to gain unauthorized access to user accounts on other systems, are unlikely. However, threat actors could use the data for spam and spear-phishing campaigns, most often in the form of con emails that try to dupe the victim into parting with money or further valuable information.”
The data held within the database indicated Trustanduse had an ongoing association with a Greek supermarket chain, Galaxias. They shared their supplier information like receipts, discounts, and special access to their website for the supermarket employees. As there was no effective authorization in place, experts were able to analyze the Application Programming Interface (API) and sandbox settings seemingly developed by trustanduse.com. Although, this is not specified on their website.
“The trustanduse.com site might not operate anymore, at least judging from the fact that it appears to have fallen silent on social media channels. However, the discovered database was actively updated, so the data could still be used for future projects, sold to third parties, or exploited by threat actors,” researchers said.
Cybernews researchers suggest everyone who has an account with Trustanduse take precautions such as:
- Changing usernames and passwords
- Inspecting any new emails to prevent phishing attacks
- Sharing as little personal information as possible on Facebook
- Ignoring text messages and phone calls from unknown numbers