Researchers from Security Discovery uncovered a database belonging to Verlo Mattress Factory that was left unprotected without any authentication.
What information was involved?
The unprotected database contained 387,604 records of customer data.
The big picture
A security researcher from Security Discovery named Jeremiah Fowler uncovered the leaky database on September 05, 2019. The database contained a folder named “Customers”. Every file contained in the folder referred to Verlo Mattress Factory. Upon further investigation, the researcher noted that this could be a franchise or a single location.
Upon discovery, the researcher made multiple attempts to notify Verlo Mattress Company about the data leak but did not hear back from the company. However, the researcher noted that the database was taken down soon after the first notification was sent to the company.
“It is unclear how long the data was exposed or who else may have gained access to it before I responsibly disclosed my discovery to the Verlo Mattress Company. It is also unclear if the affected customers or the authorities were notified,” the researcher said in a blog.