Data leak at Editorialist affects thousands of shoppers

The luxury fashion shopping platform Editorialist has been leaking user data for months. Editorialist, formerly Project YX, is an e-commerce platform for luxury fashion that also features personal styling advice to boost sales.

On September 26th, 2023, the Cybernews research team discovered exposed cloud storage (namely, an Amazon S3 bucket) that, considering the sensitive data it contained, most likely wasn’t meant to be accessible to the public.

The storage, seemingly left open accidentally via a misconfiguration, belongs to Editorialist and contains over 7,000 client invoices with clients’ names, addresses, and descriptions of shopping items.

It also contains 316 spreadsheets (XLSX/CSV files) under the “credit card sheets” folder and exposes the following information:

  • User ID
  • First and last name
  • Card name and type
  • The last four payment card digits
  • Card expiration date
  • Cardholder’s email
  • And local amount, among other information.

Image: Editorialist invoice. Screenshot by Cybernews.

Upon this discovery, we immediately contacted the company. Unfortunately, the data remained exposed for another five months, with our intel showing it was only secured between the end of February and the beginning of March.

We have yet to receive a response to our requests for on-the-record comments.

Since Editorialist is a luxury fashion shopping website, its clients are a highly lucrative target.

“Shopping information and transaction data can greatly add to phishing attacks,” our researchers said.

“Victims should be on the lookout for targeted phishing emails from fraudsters posing as Editorialist or a related company. Never click on links or attachments in unsolicited emails.”
