ADVERTISEMENT

US military officials used China-linked promotional gift shop GS-JJ, exposing over 300K emails

A popular promotional gift platform, gs-jj.com, left 300,000 emails from customers exposed for months. The leak hints at potential Operational Security failures, as the company appears to be operating from China and served 2,500 emails sent from .mil and .gov domains.

GS-JJ platform research

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Nov 21, 2024 Updated: 22 November 2024 2 min read
gov-emails
email-example

Leak raises OPSEC concerns

ADVERTISEMENT
  • A Publicly accessible Git configuration file revealed that the website’s source code repository is hosted on a server in China. The website’s assets are hosted on Alibaba Cloud, and the administration login page is in Chinese.
  • Customer support communicates in broken English. Longer delivery times reflect shipping from China.
  • The Company’s official communication on YouTube confirms they “have a complete expert team in China. Meanwhile, lots of offices and agencies have been set up in North America.”
shipping-address

Data left leaking for months

vilius Konstancija Gasaityte justinasv Paulius Grinkevičius B&W
Get our latest stories today on Google News
Add us as your Preferred Source on Google.
military-emails

Disclosure timeline

  • July 10th, 2024: Leak discovered.
  • July 11th, 2024: Initial disclosure email sent, and multiple follow-up emails followed.
  • August 26th, 2024: CERT informed.
  • November 5th: Access to the data was closed.
ADVERTISEMENT