An unsecured Elasticsearch instance for the GS-JJ gift platform of California-registered emblem, pin, and patch manufacturer EnamelPins exposed more than 300,000 emails exchanged with its customers, nearly 2,500 of which had .gov or .mil domains, between July and early November, reports Cybernews.
Aside from containing full names, other personal information, and product design details, the leaked emails also included sensitive data from high-ranking U.S. military personnel who had ordered coins, medals, and battalion emblems, according to Cybernews researchers. The exposure of such data by a site mainly targeted at civilians also indicates an operational security failure in the U.S. government, said researchers, who noted that the site's operations are associated with China. "Due to the Chinese government’s broad powers to access data, it may be risky for US Government and Military officials to use Chinese services, especially in the official settings. This leak raises OPSEC concerns, as ordering patches, emblems, and other items can inadvertently expose ranks, divisions, and personal information," researchers added.