Top collectibles site leaks personal data of nearly a million users
Cybernews found a non-password-protected database containing Collectibles.com user names, addresses, and more.

- Cybernews found an Elasticsearch instance with 870,000 unique records
- They were generated by Collectibles.com, a major collectible cards marketplace
- The database was locked ten days later
Collectibles.com, a major collectible cards marketplace, has been leaking sensitive information on hundreds of thousands of users, exposing them to risk of identity theft, wire fraud, phishing, and more, experts have claimed.
This is according to the research team from Cybernews, who recently discovered, and reported, a non-password-protected Elasticsearch instance.
The team found a 300GB cluster of valuable user data containing more than 870,000 records, each representing a different person. The researchers noted: “The exposure of user details and transaction histories poses a significant security risk, potentially enabling identity theft, targeted fraud, and account takeovers.”
Working around security solutions
Formerly known as Cardbase, Collectibles.com is an online marketplace and management platform for collectors, allowing users to track, buy, and sell various collectibles, including trading cards, comics, and memorabilia. In a 2024 press release, the company claimed to have roughly 300,000 users.
The data Collectibles.com was leaking includes people’s full names, their email addresses, profile picture links, other user account details, collectible card sales, and transactional data.
Cybernews reached out to the company to report their findings, “but besides an automated response, the company did not acknowledge the data leak,” they said.
The instance was closed ten days later, although we don’t know for how long it remained open before being discovered. We also don’t know if any malicious actors discovered it before Cybernews, and possibly even used the data in phishing.
Exposed databases remain one of the key causes of data leaks. Many organizations hoard sensitive customer data in cloud databases, and some of them don’t understand that, in the cloud, security is a shared responsibility.
Security researchers and cybercriminals alike can use tools like Shodan or Elasticsearch to find these databases and use the information found there to run all kinds of scams.