Back to Data Breach

Data Breach

Chinese retailer LightInTheBox exposes 1.3TB of customer data in a data breach. 

In December 2019, it was revealed that the Chinese e-commerce player LightInTheBox was a victim of a data breach that affected the personal data of its customers. Around 1.3TB of customer information was exposed. The website offers retail goods such as gadgets, clothing, and accessories.

Researchers Noam Rotem and Ran Locar discovered the database breach in November 2019. The affected database contained user activity that took place between August 9, 2019 and October 11, 2019, and contained information such as users’ IP addresses, countries of residence, email addresses, destination pages, and user activity on the website. Besides user activity logs on LightInTheBox.com, the affected database also contained data from the firm’s subsidiary site, MiniInTheBox.com.

"The exposed data makes those affected vulnerable to many forms of fraud and online attacks. With access to user emails, cybercriminals could create convincing phishing campaigns with emails imitating LightInTheBox,” said VPNMentor’s Noam Rotem and Ran Locar, noting that using this information, a criminal could figure out exactly where a person lives.

Protect yourself against cybersecurity disasters like this by investing in a tool that will protect your network from brute-force attacks, ransomware threats, and denial-of-service (DoS) attacks. Download ManageEngine Log360, a tool that helps combat both internal and external security attacks.

How ManageEngine can help.

Log360, our comprehensive SIEM solution, can help your organization by:

  • Alerting security teams in real time about events that require their immediate attention, such as network attacks, unauthorized access attempts to files or folders, security group membership changes, and account lockouts.
  • Detecting unauthorized network access attempts with its built-in Structured Threat Information eXpression (STIX/TAXII) feeds processor. Log360 also has a global IP threat database that can instantly detect known malicious traffic passing through the network as well as outbound connections to malicious domains and callback servers. 
  • Finding potential insider threats with its user and entity behavior analytics engine, which creates a baseline of normal activities that are specific to each user and notifies security personnel instantly when there's a deviation from this norm.
  • Obtaining important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
  • Automatically raising incidents as tickets to specific technicians in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.

Download a free trial of Log360 to see the tool in action for yourself.

Share:

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.

+

Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
  •  
  •  
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.