Collectibles.com data leak exposes information of nearly 900,000 users

Collectibles.com (formerly Cardbase), a marketplace for trading cards and other collectibles, was found to be leaking the data of approximately 870,000 users. The Cybernews research team discovered an unsecured Elasticsearch cluster belonging to the company that contained nearly 300GB of exposed data.

The leaked data includes:

• Full names
• Email addresses
• Profile picture links
• User account details
• Collectible card sales records
• Transaction histories

The combination of personal identifiers makes it easier for criminals to impersonate victims, steal identites and accounts or create fraudulent transactions.

The Cybernews team contacted Collectibles.com after discovering the leak, but received only an automated response with no acknowledgment of the incident. The exposed database remained accessible for over 10 days before it was finally secured. The company has not issued any official communication to affected users about the breach.