Affected customers not informed
According to the report, the error has been fixed for months, but the affected customers have not been notified to date – and there are quite a few of them! More than a million data records from around 700,000 users were leaked onto the Internet. The data included e-mail and postal addresses as well as order information, telephone numbers and even payment data such as bank details. Mail order company Otto, the supermarket chain Kaufland, the electronics retailer Media Markt and the providers Check24, Tyre24, idealo, Hood and Crowdfox used the insecure interface service.
Who is responsible?
It is currently unclear who is responsible for the incident. According to the report, the platform operators – such as Kaufland – stated that they would only act as intermediaries between customers and retailers with their marketplaces and were not responsible for storing and securing customer data. According to tagesschau.de, the state data protection officer of Baden-Württemberg describes it as a serious and scandalous process that the affected customers have not yet been informed about the data leak. A Swiss IT expert confirmed to the ARD magazine Plusminus that the data in the hands of cybercriminals offers ideal conditions for carrying out phishing attacks or identity theft. Whether the information ended up on the dark web is not comprehensible due to the long time span of the leak.