Top tire manufacturer hit by data breach leaking info on millions of customers

An abstract image of a database
(Image credit: Image Credit: Pixabay)

SimpleTire, a company selling car tires and related services, kept an unsecured database with the sensitive data on millions of customers online, available for anyone who knew where to look. 

This is according to cybersecurity researcher Jeremiah Fowler, who says that more than a million customer records were exposed, including data such as customer order confirmations, with details such as full names, phone numbers, postal addresses, and partial credit card numbers with expiration dates.

The size of the exposed database was 1TB, with the exact number of records being 2,808,697. Besides the above mentioned, it also included wholesale information, references to authorized installers, refund requests, and sales and promotion images.

Significant risk

Perhaps most worrisome is the fact that the database held the last four digits of a person’s credit card. Almost all of the first 6 digit credit card Issuer Identification Numbers (IIN) can be found online, which means that a potential threat actor can now have 10 of the total 16 numbers. Fowler speculates that guessing the remaining six numbers could be done “almost instantly” with the right software. 

“In this case the customer’s name, home address, and even the card’s expiration date was exposed making the risk even more serious than just guessing the missing numbers,” Fowler explains. 

“This data exposure could be used in combination with previous hacks or leaks to cross-reference and easily identify the full card number. Unlike a simple card exposure the criminal would have additional information to create a full information profile on their victim. The full card number combined with the names, home addresses, expiration date, and other information taken from the order confirmations could pose a significant risk.”

That significant risk includes all kinds of online scams, from wire fraud, to identity theft, to tax return fraud. Fowler reached out to SimpleTire via “several email addresses” and says the company took more than three weeks to react and lock the database down. It never got back to him, though. 

We have reached out to SimpleTire for a comment and will update the article if we get a response. 

The company claims to have more than 10,000 installers and more than 3,000 independent supply points. It employs “hundreds of people” and supports “thousands of local businesses.”

Via: Website Planet

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.