Cybersecurity researcher Jeremiah Fowler has uncovered a massive data breach involving an unprotected and unencrypted database containing over 3.5 million records.
The exposed data, linked to Brisbane-based fashion brand SABO, included sensitive customer information such as names, email addresses, phone numbers, physical addresses, shipping details, invoices, and return records. The documents were stored in PDF format, totaling a staggering 292 GB in size and dating from 2015 to 2025.
The database was discovered to be publicly accessible without any password or encryption, raising serious concerns about data privacy and security. In several sampled files, Fowler noted that a single PDF contained up to 50 individual orders, suggesting that the actual number of affected individuals could be significantly higher than the number of files. The exposed data appeared to be part of an internal document management system used to process both retail and corporate orders, including international shipments.
Fowler immediately reported the breach to SABO through a responsible disclosure notice. Although the database was quickly secured and made inaccessible within hours, the company has not responded to the disclosure. It remains unclear whether the database was directly controlled by SABO or managed by a third-party service provider. The duration of the exposure and whether any malicious actors accessed the data prior to Fowler’s discovery is also unknown. Only a thorough internal forensic audit could confirm the extent of potential unauthorized access.
The exposed documents, containing years of transaction history, pose a substantial risk of targeted phishing and social engineering attacks. Cybercriminals could exploit this data to craft highly convincing emails that mimic legitimate communication from SABO, referencing real customer details such as order numbers, purchase dates, and shipping information. This type of insider knowledge significantly increases the success rate of fraudulent campaigns.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
