The database contained over 3.3 million orders from 2015 to 2020, many of which included uploaded copies of customers’ government-issued identity cards. The vulnerability was addressed after a security researcher notified the store owners.