Australian fashion brand SABO leaks 3.6 Million customer records
Learn More
SABO, a Brisbane-based Australian fashion retailer of clothing, shoes, swimwear, sleepwear, and formal wear, is found to be leaking 3,587,960 records spanning a decade of customer transactions.
The leak was discovered by cybersecurity researcher Jeremiah Fowler on a publicly accessible database containing customer information dating from 2015 to 2025. The fashion company maintained the database as part of what appeared to be an internal document management storage system used to track sales, returns, and corresponding domestic and international shipping documents.
The actual number of affected customers is not claear since individual files contained multiple order pages - some documents contained up to 50 separate customer orders. Exposed data includes:
- Customer names (first and last)
- Physical addresses
- Email addresses
- Phone numbers
- Invoice details and order histories
- Shipping information and delivery addresses
- Return processing details
- Purchase amounts and transaction values
- Order numbers and tracking information
- Product details and quantities purchased
- Corporate customer information
- International shipping documentation
Even if the number of individuals is just 10% of the total number of transactions, it's still 350,000 people.
Jeremiah Fowler sent a responsible disclosure notice to SABO, and the database wae restricted from public access within hours of receiving the notification. SABO has not provided any direct communication or acknowledgment regarding the incident and did not respond to the responsible disclosure notice.
The duration of the database exposure prior to its discovery is unknown. It's not clear whether any unauthorized parties accessed the database before the security researcher's discovery.
