Home » Blog » Top online gift platform leaks user details, including thousands of US military members
Technology

Top online gift platform leaks user details, including thousands of US military members

by
by 0 comments
  • 300,000 emails from EnamelPin, owner of gs-jj.com, exposed online
  • Many originate from .gov or .mil sources, which are used by military or government workers
  • The leak exposed the sites links to China

Researchers at Cybernews recently discovered over 300,000 emails from EnamelPin customers were exposed for months thanks to an open Elasticsearch instance.

EnamelPin Inc is the owner of popular gift site gs-jj.com, which sells medals, lapel pins, emblems, and more.

The leaked emails contained personal information such as full names and email addresses, around 2,500 were from .gov and .mil domains. The site is unsurprisingly popular amongst US government officials and military officers, who had ordered products such as coins, patches, and medals.

National Security Concerns

“The emails and attachments exposed sensitive information about high-ranking military officials. They could be used to determine their position in certain Army units, phone numbers, email addresses, and shipping addresses,” Cybernews researchers said.

Other security issues were discovered on the site, such as the exposure of hidden git repository configuration, folder, and file structure of the website.

The data was left exposed for months, according to researchers. The information was publicly accessible from April 22 until December 5, which left many customers at risk, particularly of identity theft.

Whilst EnamelPin Inc is registered in California and aimed at civilians, the leak exposed previous unknown links to China. Researchers found a publicly accessible Git configuration file which revealed the website’s source code repository is hosted on a Chinese server.

The company also has an ‘complete expert team in China’, long delivery times suggest overseas fulfilment, and the customer support team communicate in broken English.

“Due to the Chinese government’s broad powers to access data, it may be risky for US Government and Military officials to use Chinese services, especially in the official settings,” Cybernews added.

“This leak raises OPSEC concerns, as ordering patches, emblems, and other items can inadvertently expose ranks, divisions, and personal information.”

You might also like

You Might Also Like

You may also like

Apple’s rumored smart home display could be a cross between...

These could be the specs of the iPhone 17 –...

Samsung could launch a tri-fold foldable next year – with...

Gigabyte leaks AMD Ryzen 9800X3D CPU (again) and explains ‘X3D...

Google leak teases major camera updates for the Pixel 10...

PS5 Pro games list: all of the PS5 Pro enhanced...

Arm wants to go direct Chinese market, no more ArmChina...

Forget the 6,000mAh OnePlus 13 – we could see a...

Between Perplexity’s new macOS app and ChatGPT’s search launch, conversational...

Prime Video’s new #1 movie Apocalypse Z: The Beginning of...

Leave a Comment

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00
Verified by MonsterInsights