Huge data breach at Australian fashion giant – 3.5 million users at risk, here’s what we know so far
- Security researcher find unencrypted database belonging to Australian fashion brand
- It contained names, email addresses, phone numbers, and more, of at least 3.5 million people
- SABO is warning users to be on their guard
Australian fashion brand SABO leaked sensitive data on millions of its customers by keeping an unencrypted, non-password-protected database on the internet, available to anyone who knew where to look.
Jeremiah Fowler, a security researcher known for discovering these types of leaks found a 292 GB archive, containing 3,587,960 .PDF documents containing names, physical addresses, email addresses, phone numbers, and other personally identifiable information (PII) belonging to both retail and corporate SABO customers.
The number of entities whose information was leaked could be around 3.5 million, but it could also be – fifty times as many.
Locking the database down
“In one single PDF file, there were 50 separate order pages, indicating that the total number of potential customers is higher than the total number of PDF files in the database,” Fowler explained.
The information was generated via an internal document management storage system, designed to track sales and returns, as well as the corresponding domestic and international shipping documents.
Since the file dates range from 2015 to 2025, it is safe to assume that some of the information is outdated, and some is highly relevant.
Fowler reached out to SABO with the information, and the database was locked down “within hours”. However, the company never replied to the researcher’s email, so we don’t know for how long the database remained open, who maintained it, or if someone managed to find and exfiltrate the information before he did.
SABO is an Australian fashion brand, designing and selling exclusive collections of clothes, shoes, swimwear, sleepwear, and formal attires. It is primarily an Australian brand, operating in the country. However, it also sells its products online and allows for worldwide shipments.
It currently has three stores in the country and has reported an annual revenue of $18 million for 2024.
You might also like
Security researcher find unencrypted database belonging to Australian fashion brand It contained names, email addresses, phone numbers, and more, of at least 3.5 million people SABO is warning users to be on their guard Australian fashion brand SABO leaked sensitive data on millions of its customers by keeping an unencrypted,…
