Disclosing personal data on platforms providing digital services is always risky. The Cybernews research team identified a publicly accessible database storing up to 855GB of sensitive user and business data belonging to the social marketplace trustanduse.com.
The leaked database was first found on June 21 and remained potentially accessible to threat actors for at least six months. We reached out to trustanduse.com, and the company fixed the issue.
Trustanduse.com is a platform for consumers to rate products, services, professionals, and stores, as well as get offers and discounts. The company was founded in 2016 and is based in Athens.
The discovered database included sensitive data such as usernames, full personal names, Facebook IDs, phone numbers, and passwords hashed with the BCrypt algorithm, which is considered safe.
According to the researchers, credential stuffing attacks, in which perpetrators use stolen account credentials to gain unauthorized access to user accounts on other systems, are unlikely. However, threat actors could use the data for spam and spear-phishing campaigns, most often in the form of con emails that try to dupe the victim into parting with money or further valuable information.
During the investigation, researchers were also able to view publicly accessible business-related data, such as information about products, services, and partnerships.