Cyber Incident Victim: Migliorshop

Date: Jan 2023

Location: Italy

Summary

A cybersecurity breach impacted an Italian e-commerce platform provider serving online pharmacies, compromising approximately 1.5 million customer records. Attackers exploited multiple vulnerabilities in the provider's cloud infrastructure, gaining unauthorized access to databases containing sensitive personal information including names, addresses, phone numbers, email addresses, MD5-hashed passwords, tax identification numbers, and shipping details. Security researchers had previously alerted the provider to critical weaknesses in its systems but received no response. The compromised data included records from numerous pharmacy websites using the provider's content management system. Analysis revealed weak password protection practices, with approximately 75% of the hashed passwords successfully cracked. Attackers demonstrated system access through website defacement before mitigation efforts were observed.

Description

On or around January 16, 2023, an anonymous security researcher contacted Migliorshop, an Italian e-commerce platform provider specializing in online pharmacy websites, to report critical vulnerabilities in its infrastructure. The researcher alleged that Migliorshop’s cloud environment, which hosts multiple pharmacy client instances, contained security flaws granting unauthorized access to customer databases across all connected pharmacies. Technical analysis revealed that the compromised systems ran Windows Server 2012 R2 or Windows 8.1, with ASP.NET on Microsoft IIS 8.5 as the web server and Microsoft SQL Server 2014 for database management. The researcher provided evidence of exposed databases containing 55 tables per instance, including sensitive customer records from pharmacies such as farmaciacontinua.it. Despite sending multiple warnings to Migliorshop’s email addresses, the researcher received no response and saw no remediation efforts from the company.

The breach exposed approximately 1.5 million Italian customers’ personal and financial data, including postal codes, full names, addresses, provinces, mobile phone numbers, email addresses, MD5-hashed passwords, last shipment dates, IP addresses, and tax identification numbers (Codice Fiscale). The researcher demonstrated the ability to crack 75% of the MD5 password hashes, which was possible because MD5 is a weak hashing standard for password storage. To validate the breach’s authenticity, the researcher leaked sample customer records on Telegram and executed a defacement attack on one Migliorshop-managed pharmacy website, though the defacement was quickly removed by the company. Migliorshop’s failure to address the vulnerabilities or communicate with the researcher left all client pharmacies’ systems exposed indefinitely. The incident impacted Migliorshop’s reputation as a specialized pharmacy e-commerce provider, with its website claiming over 100 million orders processed for Italian pharmacies. No containment actions, public statements, or mitigation measures from Migliorshop were documented as of January 31, 2023, when Red Hot Cyber published its report seeking clarification from the company.
