Peak Design has leaked customer data through unsecured database
Peak Design has reported a significant data leak that exposed a decade’s worth of client data, totaling around half a million records. Peak Design specializes in high-quality camera and travel accessories; it was founded in 2010 and initially gained popularity through crowdfunding platforms like Kickstarter.
The data leak stems from an Elasticsearch server, an open-source search engine used for analyzing large amounts of data. Peak Design did not secure the Elasticsearch server with a password, making it publicly accessible. This oversight occurred during a migration to a new customer service platform, where an internal system was created for agents to search historical tickets. The private server was mistakenly made externally accessible on March 11, 2024.
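The misconfiguration described above, an Elasticsearch node with no password that is reachable from other hosts, can be caught by auditing `elasticsearch.yml` before a server goes live. This is an added example, not code from Peak Design or Cybernews: the sample configs, the `ticket-search` cluster name and the `audit` helper are constructed, and `security_default` is an assumption the caller sets, because the behaviour when `xpack.security.enabled` is absent depends on the Elasticsearch version.

```python
import ipaddress

# network.host values that bind to loopback only ("_local_" is the default)
LOOPBACK_ALIASES = {"_local_", "localhost"}

# Constructed sample configs (flat "key: value" form), not taken from the incident
WEAK = "cluster.name: ticket-search\nnetwork.host: 0.0.0.0\nxpack.security.enabled: false\n"
HARDENED = "cluster.name: ticket-search\nnetwork.host: 127.0.0.1\nxpack.security.enabled: true\n"

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines of elasticsearch.yml (no nested maps or lists)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" in line:
            key, value = line.split(":", 1)   # split on first colon so "::1" survives
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback(host):
    if host in LOOPBACK_ALIASES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames and values such as _site_ are treated as reachable

def audit(text, security_default=False):
    """Return findings for a node that is reachable off-host without authentication.

    security_default: assumed behaviour when xpack.security.enabled is not set.
    """
    s = parse_flat_yaml(text)
    host = s.get("http.host", s.get("network.host", "_local_"))  # http.host overrides
    raw = s.get("xpack.security.enabled")
    auth = security_default if raw is None else raw.lower() == "true"
    exposed = not is_loopback(host)
    findings = []
    if not auth:
        findings.append("authentication disabled: xpack.security.enabled is not true")
    if exposed:
        findings.append(f"network.host={host} binds beyond loopback")
    if exposed and not auth:
        findings.append("CRITICAL: unauthenticated node reachable from other hosts")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

A bind address beyond loopback is only reported as critical when authentication is also off; a firewall or security group in front of the node is outside what this file-level check can see.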
Cybernews discovered the leak and published a detailed report. The researchers found a ransom note on the company’s systems, so the data has very probably already been stolen. The open server was reported on April 25, 2024, and Peak Design locked it down.
The exposed data spans customer service tickets from October 2013 to May 2023 and includes:
- Customer names
- Emails
- Shipping addresses
- Order details
- Correspondence with the customer service team
The number of affected individuals is not disclosed. Peak Design has reassured customers that there is no evidence of misuse of the exposed information to date.
Peter Dering, Founder and CEO of Peak Design, addressed customers in an email, explaining the situation and the steps taken to resolve it. He urged customers to be cautious of suspicious communications related to Peak Design and provided a contact email for any concerns.