Photography gear company Peak Design suffered a major data breach. According to reports, the exposed data included names, email addresses, home addresses, order information, and even customer service inquiries. To make things worse, it allegedly left customer information vulnerable for almost ten years.
The leak stemmed from a critical security lapse. Peak Design left an Elasticsearch server, a search engine for internal data analysis, publicly accessible without a password. This essentially left the server wide open on the internet. Folks at Cybernews discovered the leak on April 25, 2024, they say that the leaked data itself dates back to June 2014.
The exposed data poses a significant risk to Peak Design customers. While the information wasn’t live and wouldn’t impact product shipments, it could be exploited in several ways. Scammers could sell the data to marketing agencies or spammers, potentially leading to unwanted solicitations. The data breach also increases the risk of phishing attacks, where emails impersonate Peak Design to steal further information. Additionally, the leaked data could be used for doxxing, the act of publicly revealing private or identifying information.
The situation is further complicated by the discovery of a ransom note left by a ransomware bot on Peak Design’s systems. The note suggests hackers accessed the server and may possess a copy of the data. Cybernews writes that they notified Peak Design and they have secured the server since. However, the company has yet to issue an official statement regarding the breach.
This incident highlights the importance of proper data security. After all, this isn’t the first time something like this has happened. We have many examples, including other photography-related companies like Adobe and Pixsy. Needless to say, companies entrusted with customer information have a responsibility to implement robust security measures. Peak Design’s failure to secure their server demonstrates a critical lapse in protecting sensitive customer data.
We have reached out to Peak Design for comment and will update the article if we hear back.
