Top online gift platform leaks user details, including thousands of US military members

  • 300,000 emails from EnamelPin, owner of gs-jj.com, exposed online
  • Many originate from .gov or .mil sources, which are used by military or government workers
  • The leak exposed the site's links to China

Researchers at Cybernews recently discovered over 300,000 emails from EnamelPin customers were exposed for months thanks to an open Elasticsearch instance.

EnamelPin Inc is the owner of popular gift site gs-jj.com, which sells medals, lapel pins, emblems, and more.

The leaked emails contained personal information such as full names and email addresses; around 2,500 were from .gov and .mil domains. The site is unsurprisingly popular amongst US government officials and military officers, who had ordered products such as coins, patches, and medals.

National Security Concerns

“The emails and attachments exposed sensitive information about high-ranking military officials. They could be used to determine their position in certain Army units, phone numbers, email addresses, and shipping addresses,” Cybernews researchers said.

Other security issues were discovered on the site, such as the exposure of the hidden Git repository configuration and the website's folder and file structure.

The data was left exposed for months, according to researchers. The information was publicly accessible from April 22 until December 5, which left many customers at risk, particularly of identity theft.

Whilst EnamelPin Inc is registered in California and aimed at civilians, the leak exposed previously unknown links to China. Researchers found a publicly accessible Git configuration file which revealed the website’s source code repository is hosted on a Chinese server.

The company also has a ‘complete expert team in China’, long delivery times suggest overseas fulfilment, and the customer support team communicates in broken English.

“Due to the Chinese government’s broad powers to access data, it may be risky for US Government and Military officials to use Chinese services, especially in the official settings,” Cybernews added.

“This leak raises OPSEC concerns, as ordering patches, emblems, and other items can inadvertently expose ranks, divisions, and personal information.”

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
