- The security researcher finds an unspeared database belonging to the Australian fashion brand
- It contained names, email addresses, telephone numbers, and more, at least 3.5 million people
- Sabo warns users to be on their care
The Australian fashion mark Sabo has disclosed sensitive data on millions of its customers by keeping a database not encrypted and not protected by passwords on the Internet, available to all those who knew where to look.
Jeremiah Fowler, a safety researcher known for having discovered these types of leaks found a 292 GB archive, containing 3,587,960 documents.
The number of entities whose information has been disclosed could be around 3.5 million, but it could also be – fifty times more.
Lock the database
“In a single PDF file, there were 50 separate control pages, indicating that the total number of potential customers is greater than the total number of PDF files in the database,” said Fowler.
The information has been generated via an internal document management storage system, designed to follow sales and returns, as well as the corresponding national and international shipping documents.
Since the dates of the file vary from 2015 to 2025, it is sure to assume that certain information is obsolete and some is very relevant.
Fowler contacted Sabo with the information, and the database was locked “in a few hours”. However, the company has never responded to the researcher’s emails, so we do not know for how long the database has remained open, which maintained it, or if someone managed to find and exfiltrate information before him.
Sabo is an Australian fashion brand, designing and selling exclusive collections of clothing, shoes, swimwear, night clothes and formal outfits. It is mainly an Australian brand, operating in the country. However, it also sells its products online and allows global shipments.
He currently has three stores in the country and has declared an annual turnover of $ 18 million for 2024.
