ADVERTISEMENT

Late shipment? Retailers’ data leak may have allowed attackers to redirect it

US outdoor sports retailer Peter Glenn has left numerous credentials exposed. The oversight leaves the business vulnerable to severe cyberattacks, including customer data and parcel theft.

Peter Glenn leak

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Oct 8, 2024 Updated: 8 December 2025 4 min read

What did the Peter Glenn leak expose?

Sample
Sample of the leaked data. Image by Cybernews.
ADVERTISEMENT

Wake me up when September ends

  • Render the .env file inaccessible: using any type of authorization or authentication
  • Investigate access logs: to identify whether any threat actors have accessed the exposed sensitive information
  • Credential rotation: rotate all exposed credentials to mitigate current risks
  • Enhanced security measures: implement stricter access controls, use environment-specific configurations, and encrypt sensitive data at rest and in transit
  • MFA setup: ensure MFA is enabled in AWS and other exposed services to add an additional layer of security

Disclosure timeline

  • June 28, 2024: leak discovered
  • July 1, 2024: initial disclosure email sent
  • September 4, 2024: CERT informed
  • October 1-3, 2024: file closed from the public
ADVERTISEMENT