Names and products ordered can be viewed by the public
Customer data of the adult goods retailer Amorelie was vulnerable for a short time. In addition to the name and email address of customers, information about the products ordered should also have been visible. Amorelie has now published a statement.
Amorelie: Vulnerability in personal customer data
The sex toy and adult goods retailer Amorelie states that Customer data can be viewed by third parties for a short time was. According to their own information, the security gap was closed after a short time. It is said that there was no successful attack on the sometimes very sensitive data. However, one does not want to completely exclude access (source: Cupid).
The data is the name, the physical and e-mail address, the erotic articles ordered and the selected payment method for all registered users. This affects customer data between 2013 and May 2020. Bank and credit card data and user passwords are said not to have been visible.
The vulnerability is supposed to on November 22, 2021 noticed and closed “a few minutes” later by the IT department of the mail order company. It is not clear how long the gap has existed. It also remains unclear how many users are affected in total and whether they have been informed by email.
Current tech news at a glance:
Data leak at Amorelie “no cause for concern”
According to Amorelie, customers have “no cause for concern”, but should still be aware of possible “improper use” of their own data. According to the opinion, Amorelie sees “No evidence” that customer data has been stolen. If this turns out to be a miscalculation, then “everything will be done” to prevent further misuse of the data. Amorelie is now working with the data protection authorities and an external IT consultancy to clarify the incident.