Are you over 18 and want to see adult content?
More Annotations
A complete backup of enable-javascript.com
Are you over 18 and want to see adult content?
A complete backup of meillandrichardier.com
Are you over 18 and want to see adult content?
A complete backup of savecodeshare.eu
Are you over 18 and want to see adult content?
A complete backup of bernhardtdesign.com
Are you over 18 and want to see adult content?
A complete backup of photographyforrealestate.net
Are you over 18 and want to see adult content?
Favourite Annotations
A complete backup of putnamcountyny.gov
Are you over 18 and want to see adult content?
A complete backup of sydneypoolstoday.com
Are you over 18 and want to see adult content?
Text
SECURITY DISCOVERY
A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records. On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony. ABOUT - SECURITY DISCOVERY Welcome to Security Discovery. This site was founded by a team of cyber security researchers and offers news, best practices, consulting services and more. Members of our security team have identified data breaches that were covered by news outlets such as the BBC, Forbes, Financial Times, Washington Post, Engadget, TechCrunch, NYDaily NewsTESTING SERVICES
It has been noted that as much as 70% of these data breaches are caused by a disgruntled or malicious employee. Security Discovery’s periodic ‘penetration testing’ can help discover weaknesses in your infrastructure. We can help organizations to identify and fix vulnerabilities and weaknesses in their database or other assets. THE SHOCKING COST OF A DATA BREACH TO SMALL AND MEDIUM In the U.S. only: $7.35 million average cost of a data breach, up 25% since 2013. Average Cost per Record Breached. Globally: $141 average cost per record breached. In the U.S. only: $225 average cost per record breached. The numbers and data show the real cost of a data breach but yet many business owners and executives struggle to spend SMS SPAM OPERATION REBRANDS, CONTINUES TO LEAK CUSTOMER SMS Spam Operation Rebrands, Continues to Leak Customer Information. Posted By: Bob Diachenko April 14, 2020. Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 63 million customer emails and phone numbers. Rocket Text, formerly known asApexSMS, first
WHAT TO DO AFTER A DATA BREACH The more you understand about a data breach the better in the long run and the faster you can get back to work with better data protection. Here is some advice of what to do after a data breach. 1. Have a plan and never make it up as you go. In the event of a data breach or a cyber attack you need to act fast and gather the facts of what ESTEE LAUDER EXPOSED 440 MILLION RECORDS ONLINE Estee Lauder Exposed 440 Million Records Online. On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I could see audit logs that contained a large number of email DOW JONES RISK SCREENING WATCHLIST EXPOSED PUBLICLY IN A Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach. On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). DATABASE WITH MILLIONS OF INDIAN PERSONAL RECORDS EXPOSED Database With Millions of Indian Personal Records Exposed and Hijacked. On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields: There was no indication in the database aboutthe owner of
800+ MILLION EMAILS LEAKED ONLINE BY EMAIL VERIFICATION 800+ Million Emails Leaked Online by Email Verification Service. On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number of emails that were publicly accessible forSECURITY DISCOVERY
A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records. On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony. ABOUT - SECURITY DISCOVERY Welcome to Security Discovery. This site was founded by a team of cyber security researchers and offers news, best practices, consulting services and more. Members of our security team have identified data breaches that were covered by news outlets such as the BBC, Forbes, Financial Times, Washington Post, Engadget, TechCrunch, NYDaily NewsTESTING SERVICES
It has been noted that as much as 70% of these data breaches are caused by a disgruntled or malicious employee. Security Discovery’s periodic ‘penetration testing’ can help discover weaknesses in your infrastructure. We can help organizations to identify and fix vulnerabilities and weaknesses in their database or other assets. THE SHOCKING COST OF A DATA BREACH TO SMALL AND MEDIUM In the U.S. only: $7.35 million average cost of a data breach, up 25% since 2013. Average Cost per Record Breached. Globally: $141 average cost per record breached. In the U.S. only: $225 average cost per record breached. The numbers and data show the real cost of a data breach but yet many business owners and executives struggle to spend SMS SPAM OPERATION REBRANDS, CONTINUES TO LEAK CUSTOMER SMS Spam Operation Rebrands, Continues to Leak Customer Information. Posted By: Bob Diachenko April 14, 2020. Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 63 million customer emails and phone numbers. Rocket Text, formerly known asApexSMS, first
WHAT TO DO AFTER A DATA BREACH The more you understand about a data breach the better in the long run and the faster you can get back to work with better data protection. Here is some advice of what to do after a data breach. 1. Have a plan and never make it up as you go. In the event of a data breach or a cyber attack you need to act fast and gather the facts of what ESTEE LAUDER EXPOSED 440 MILLION RECORDS ONLINE Estee Lauder Exposed 440 Million Records Online. On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I could see audit logs that contained a large number of email DOW JONES RISK SCREENING WATCHLIST EXPOSED PUBLICLY IN A Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach. On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). DATABASE WITH MILLIONS OF INDIAN PERSONAL RECORDS EXPOSED Database With Millions of Indian Personal Records Exposed and Hijacked. On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields: There was no indication in the database aboutthe owner of
800+ MILLION EMAILS LEAKED ONLINE BY EMAIL VERIFICATION 800+ Million Emails Leaked Online by Email Verification Service. On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number of emails that were publicly accessible for ABOUT - SECURITY DISCOVERY Welcome to Security Discovery. This site was founded by a team of cyber security researchers and offers news, best practices, consulting services and more. Members of our security team have identified data breaches that were covered by news outlets such as the BBC, Forbes, Financial Times, Washington Post, Engadget, TechCrunch, NYDaily NewsDISCOVERIES
What is our experience? Here are just a few of our data discoveries that have made headlines. The security research center was founded by Bob Diachenko, Director of Cyber Risk Research and Jeremiah Fowler, data analyst and security consultant.TESTING SERVICES
It has been noted that as much as 70% of these data breaches are caused by a disgruntled or malicious employee. Security Discovery’s periodic ‘penetration testing’ can help discover weaknesses in your infrastructure. We can help organizations to identify and fix vulnerabilities and weaknesses in their database or other assets.CONSULTING SERVICES
After the Crisis. We will work with you and provide regular external audits of your security and data protection. We can create intrusion detection exercise using a third party and simulate a “data breach”. We will train your leadership and key employees to understand crisis communication related to TOP 10 STEPS TO PREVENT A DATA BREACH 8. Hire a 3rd party to identify threats: Bring in independent auditors to identify vulnerabilities in your network, suspicious network activity and to help you prepare for any crisis or data leak. They can also identify if any private data is publicly accessible. Hiring outside experts can also help you plan a breach response. SKYMED MEDICAL EVACUATION MEMBERSHIP SERVICE EXPOSED DATA SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members. On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data allegedly belonged to Floridabased SkyMed.
800+ MILLION EMAILS LEAKED ONLINE BY EMAIL VERIFICATION 800+ Million Emails Leaked Online by Email Verification Service. On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number of emails that were publicly accessible for ONLINE EYEWEAR WEBSITES EXPOSE DATA OF 186K CUSTOMERS Online Eyewear Websites Expose Data of 186k Customers. In October 2019 I discovered a database that contained 186,000 sales records and 40.4 million visitor IP addresses. From October 23rd, 2019 to January 13th, 2020 I sent multiple emails and left numerous voice messages. JEREMIAH FOWLER, AUTHOR AT SECURITY DISCOVERY Luxury Real Estate Firm Exposed Owner and Agent Data Online For Months, Later Wiped Out By Malicious Meow Bot. On June 17th I discovered a dataset that contained a massive amount of records that were clearly related to a real estate and a home sale brokerage company. There were a JANA SMALL FINANCE BANK EXPOSED MILLIONS OF RECORDS ONLINE This is a Elastic database set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials. Millions of records including KYC PII client information, wallet ID, usernames, emails, other account and transaction data. 2.6 Million Users and TransactionRecords.
SECURITY DISCOVERY
A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records. On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony. ABOUT - SECURITY DISCOVERYDISCOVER SECURITY ALERTDISCOVER SECURITY CARDDISCOVER SECURITY CARD Welcome to Security Discovery. This site was founded by a team of cyber security researchers and offers news, best practices, consulting services and more. Members of our security team have identified data breaches that were covered by news outlets such as the BBC, Forbes, Financial Times, Washington Post, Engadget, TechCrunch, NYDaily NewsTESTING SERVICES
It has been noted that as much as 70% of these data breaches are caused by a disgruntled or malicious employee. Security Discovery’s periodic ‘penetration testing’ can help discover weaknesses in your infrastructure. We can help organizations to identify and fix vulnerabilities and weaknesses in their database or other assets. SMS SPAM OPERATION REBRANDS, CONTINUES TO LEAK CUSTOMER SMS Spam Operation Rebrands, Continues to Leak Customer Information. Posted By: Bob Diachenko April 14, 2020. Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 63 million customer emails and phone numbers. Rocket Text, formerly known asApexSMS, first
THE SHOCKING COST OF A DATA BREACH TO SMALL AND MEDIUMTHE COST OF DATA BREACHAVERAGE COST OF A BREACHAVERAGE COST OF A BREACH In the U.S. only: $7.35 million average cost of a data breach, up 25% since 2013. Average Cost per Record Breached. Globally: $141 average cost per record breached. In the U.S. only: $225 average cost per record breached. The numbers and data show the real cost of a data breach but yet many business owners and executives struggle to spend WHAT TO DO AFTER A DATA BREACH The more you understand about a data breach the better in the long run and the faster you can get back to work with better data protection. Here is some advice of what to do after a data breach. 1. Have a plan and never make it up as you go. In the event of a data breach or a cyber attack you need to act fast and gather the facts of what DATABASE WITH MILLIONS OF INDIAN PERSONAL RECORDS EXPOSED Database With Millions of Indian Personal Records Exposed and Hijacked. On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields: There was no indication in the database aboutthe owner of
ESTEE LAUDER EXPOSED 440 MILLION RECORDS ONLINE Estee Lauder Exposed 440 Million Records Online. On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I could see audit logs that contained a large number of email DOW JONES RISK SCREENING WATCHLIST EXPOSED PUBLICLY IN ADOW JONES RISK DATABASEDOW JONES 30 INDUSTRIALS LISTDOW JONES INDUSTRIAL COMPANIES LISTDOW JONES LIVEDOW JONES STOCKSDOW JONES MARKETWATCH TODAY Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach. On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). DOCUMENT MANAGEMENT COMPANY LEFT CREDIT REPORTS ONLINE Document Management Company Left Credit Reports Online. On January 10th, I identified an unprotected Elasticsearch cluster which contained 51 GB of what appeared to be OCR ( Optical character recognition) credit and mortgages reports, with total number of records in the database more than 24 Million (24,349,524 to be exact).SECURITY DISCOVERY
A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records. On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony. ABOUT - SECURITY DISCOVERYDISCOVER SECURITY ALERTDISCOVER SECURITY CARDDISCOVER SECURITY CARD Welcome to Security Discovery. This site was founded by a team of cyber security researchers and offers news, best practices, consulting services and more. Members of our security team have identified data breaches that were covered by news outlets such as the BBC, Forbes, Financial Times, Washington Post, Engadget, TechCrunch, NYDaily NewsTESTING SERVICES
It has been noted that as much as 70% of these data breaches are caused by a disgruntled or malicious employee. Security Discovery’s periodic ‘penetration testing’ can help discover weaknesses in your infrastructure. We can help organizations to identify and fix vulnerabilities and weaknesses in their database or other assets. SMS SPAM OPERATION REBRANDS, CONTINUES TO LEAK CUSTOMER SMS Spam Operation Rebrands, Continues to Leak Customer Information. Posted By: Bob Diachenko April 14, 2020. Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 63 million customer emails and phone numbers. Rocket Text, formerly known asApexSMS, first
THE SHOCKING COST OF A DATA BREACH TO SMALL AND MEDIUMTHE COST OF DATA BREACHAVERAGE COST OF A BREACHAVERAGE COST OF A BREACH In the U.S. only: $7.35 million average cost of a data breach, up 25% since 2013. Average Cost per Record Breached. Globally: $141 average cost per record breached. In the U.S. only: $225 average cost per record breached. The numbers and data show the real cost of a data breach but yet many business owners and executives struggle to spend WHAT TO DO AFTER A DATA BREACH The more you understand about a data breach the better in the long run and the faster you can get back to work with better data protection. Here is some advice of what to do after a data breach. 1. Have a plan and never make it up as you go. In the event of a data breach or a cyber attack you need to act fast and gather the facts of what DATABASE WITH MILLIONS OF INDIAN PERSONAL RECORDS EXPOSED Database With Millions of Indian Personal Records Exposed and Hijacked. On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields: There was no indication in the database aboutthe owner of
ESTEE LAUDER EXPOSED 440 MILLION RECORDS ONLINE Estee Lauder Exposed 440 Million Records Online. On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I could see audit logs that contained a large number of email DOW JONES RISK SCREENING WATCHLIST EXPOSED PUBLICLY IN ADOW JONES RISK DATABASEDOW JONES 30 INDUSTRIALS LISTDOW JONES INDUSTRIAL COMPANIES LISTDOW JONES LIVEDOW JONES STOCKSDOW JONES MARKETWATCH TODAY Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach. On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). DOCUMENT MANAGEMENT COMPANY LEFT CREDIT REPORTS ONLINE Document Management Company Left Credit Reports Online. On January 10th, I identified an unprotected Elasticsearch cluster which contained 51 GB of what appeared to be OCR ( Optical character recognition) credit and mortgages reports, with total number of records in the database more than 24 Million (24,349,524 to be exact).DISCOVERIES
What is our experience? Here are just a few of our data discoveries that have made headlines. The security research center was founded by Bob Diachenko, Director of Cyber Risk Research and Jeremiah Fowler, data analyst and security consultant.TESTING SERVICES
It has been noted that as much as 70% of these data breaches are caused by a disgruntled or malicious employee. Security Discovery’s periodic ‘penetration testing’ can help discover weaknesses in your infrastructure. We can help organizations to identify and fix vulnerabilities and weaknesses in their database or other assets. BLOG - SECURITY DISCOVERY We follow a responsible disclosure model with the discoveries we identify. Our primary goal is data protection and privacy. We fund our mission through security services andCONSULTING SERVICES
After the Crisis. We will work with you and provide regular external audits of your security and data protection. We can create intrusion detection exercise using a third party and simulate a “data breach”. We will train your leadership and key employees to understand crisis communication related to TOP 10 STEPS TO PREVENT A DATA BREACH 8. Hire a 3rd party to identify threats: Bring in independent auditors to identify vulnerabilities in your network, suspicious network activity and to help you prepare for any crisis or data leak. They can also identify if any private data is publicly accessible. Hiring outside experts can also help you plan a breach response. BOB DIACHENKO, AUTHOR AT SECURITY DISCOVERY A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records. On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony. PABBLY EMAIL MARKETING EXPOSES 51.2 MILLION RECORDS ONLINE Unfortunately, when emails are exposed legitimate marketing can be exploited for nefarious purposes. According to an article published by Securelist: In Q1 2019, the average share of spam in global mail traffic rose by 0.06 p.p. to 55.97 %, and the Anti-Phishing system prevented more than 111,832,308 redirects to phishing sites, up35,220,650
ONLINE EYEWEAR WEBSITES EXPOSE DATA OF 186K CUSTOMERS Online Eyewear Websites Expose Data of 186k Customers. In October 2019 I discovered a database that contained 186,000 sales records and 40.4 million visitor IP addresses. From October 23rd, 2019 to January 13th, 2020 I sent multiple emails and left numerous voice messages. HONDA EXPOSES VEHICLE OWNER RECORDS ON THE WEB Honda Exposes Vehicle Owner Records on the Web. On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser. An estimated 1 million records* in the database contained information US NON-PROFIT FOR INTERNATIONAL STUDY EXPOSES PRIVATE The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database on the web containing thousands of logs and links to private student documents. The databaseSECURITY DISCOVERY
CYBER SECURITY NEWS & CONSULTING SERVICESMENU
* About
* Testing Services
* Consulting Services * Conferences and Speaking * CCPA Compliance Service* Discoveries
* About
* Testing Services
* Consulting Services * Conferences and Speaking * CCPA Compliance Service* Discoveries
Blog , Data Breach
, database
November 23, 2020
LUXURY REAL ESTATE FIRM EXPOSED OWNER AND AGENT DATA ONLINE FOR MONTHS, LATER WIPED OUT BY MALICIOUS MEOW BOT On June 17th I discovered a dataset that contained a massive amount of records that were clearly related to a real estate and a home sale brokerage company. There were a total of 30.7 million… Like this story? Please share it! Facebook Twitter Email ShareRead More
-------------------------Blog , Data Breach
, database
November 13, 2020
HOSTING PROVIDER EXPOSED 63 MILLION RECORDS AND USER PASSWORDS On October 5th I discovered a non-password protected database that contained a large amount of monitoring and system logs. There were records indicating data backups, monitoring, error logging, and more. Upon further research, the database… Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
September 22,
2020
PROPERTY MANAGEMENT COMPANY EXPOSED 1.2 MILLION RECORDS ONLINE In June 2020, I discovered a large amount of records that contained detailed information on property renters, visitors, commercials leases, and much more. Upon further research it was clear that thiswas some type of…
Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
, Trending
August 17, 2020
AI COMPANY EXPOSED 2.5 MILLION RECORDS INCLUDING MEDICAL DATA OF AUTO ACCIDENT VICTIMS ONLINE In the ever-changing world of cyber security there are few types of records that are as valuable or sensitive as medical data. On July, 7th I discovered 2.5 million records that appeared to contain… Like this story? Please share it! Facebook Twitter Email Share -------------------------Data Breach ,
database July 7,
2020
HOME LOAN PROVIDER EXPOSED 695K RECORDS ONLINE Recently I discovered a large collection of what appeared to be records related to home loans. Upon further research the records were connected to Texas based Southwest Funding. On May 20th I discovered apublicly…
Like this story? Please share it! Facebook Twitter Email Share -------------------------Data Breach ,
database June 26,
2020
LARGEST US BUBBLE TEA SUPPLIER EXPOSED DATA ONLINE On April 28th I discovered a dataset that contained what appeared to be customer information, payment references and was labeled as production data. There were links to sales records and links that identified the owner… Like this story? Please share it! Facebook Twitter Email Share -------------------------Data Breach ,
elasticsearch
May 25, 2020
PERSONAL DETAILS AND IDS OF MILLIONS OF INDIAN FAMILIES EXPOSED AS A RESULT OF SECURITY INCIDENT On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for millions of families registered under Mukhya Mantri Parivar Samridhi Yojana (MMPSY), which is one of the… Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
, elasticsearch
May 8, 2020
PADI CERTIFIED DIVERS RECORDS EXPOSED IN A MISCONFIGURATION INCIDENT On May 6th I have identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based divers certified by PADI, Professional Association of Diving Instructions. Cluster contained 2,313,197 records with the… Like this story? Please share it! Facebook Twitter Email Share -------------------------elasticsearch
April 21, 2020
ENERGY COMPANY IN POLAND EXPOSED DATA OF ITS CUSTOMERS On April 16th I have discovered an unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable information (PII). Upon closer examination, database appeared to be part of a cloud environment set… Like this story? Please share it! Facebook Twitter Email Share ------------------------- Blog , Data SecurityEducation
,
spammers April 14,
2020
SMS SPAM OPERATION REBRANDS, CONTINUES TO LEAK CUSTOMER INFORMATION Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 63 million customer emails and phone numbers. Rocket Text, formerly known as ApexSMS, first… Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
, elasticsearch
March 19, 2020
A UK-BASED SECURITY COMPANY SEEMED TO HAVE INADVERTENTLY EXPOSED ITS ‘LEAKS DATABASE’ WITH 5B+ RECORDS On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony… Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
, database
March 2, 2020
FREE WIFI USER DATA EXPOSED IN MULTIPLE UK TRAIN STATIONS On February 14th I discovered a non-password protected database that contained a massive amount of records totaling 146 million. Upon further review I was able to see connections to what appeared to befree wifi…
Like this story? Please share it! Facebook Twitter Email Share -------------------------Data Breach ,
database February
18, 2020
FAIRBRIDGE INN & SUITES EXPOSED CUSTOMER BOOKING PLATFORM Booking a hotel online is now so common that we consumers never give it a second thought when traveling. We enter our information, provide payment details and then cross our fingers. Unfortunately once weprovide…
Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
, database
, mongodb
February 13, 2020
US NON-PROFIT FOR INTERNATIONAL STUDY EXPOSES PRIVATE DOCUMENTS OF THOUSANDS OF STUDENTS: REPORT The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database on the web containing thousands of logs and links to private student documents. The database… Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , database
, Uncategorized
February 11,
2020
ESTEE LAUDER EXPOSED 440 MILLION RECORDS ONLINE On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I… Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
, database
February 4, 2020
PABBLY EMAIL MARKETING EXPOSES 51.2 MILLION RECORDS ONLINE Email marketing is big business and many companies rely on emails to keep in contact with their customers or potential customers. In the modern world of over priced pay per click ads targeted emailmarketing…
Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
, database
January 13, 2020
ONLINE EYEWEAR WEBSITES EXPOSE DATA OF 186K CUSTOMERS In October 2019 I discovered a database that contained 186,000 sales records and 40.4 million visitor IP addresses. From October 23rd, 2019 to January 13th, 2020 I sent multiple emails and left numerous voicemessages….
Like this story? Please share it! Facebook Twitter Email Share -------------------------Data Breach ,
database ,
elasticsearch
December 18, 2019
HONDA EXPOSES VEHICLE OWNER RECORDS ON THE WEB On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser…. Like this story? Please share it! Facebook Twitter Email Share -------------------------Data Breach ,
database ,
elasticsearch ,
Uncategorized
November 13, 2019
PRANK CALL SERVICE PRANKDIAL EXPOSED 138 MILLION RECORDS ONLINE On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent… Like this story? Please share it! Facebook Twitter Email Share -------------------------Blog , Data Breach
, database
, elasticsearch
October 28,
2019
2.59 MILLION CREDIT CARD TRANSACTIONS EXPOSED – Two data incidents just months apart from each other. Back in February 2019 I found a database that belonged to a Nigerian based company. The first database contained over 8 million records. The representativesreplied…
Like this story? Please share it! Facebook Twitter Email Share -------------------------POSTS NAVIGATION
1 2 … 4
Search for:
WANT TO STAY INFORMED? Sign up for our Newsletter (We Hate SPAM) First name or full nameABOUT OUR RESEARCH
We follow a responsible disclosure model with the discoveries we identify. Our primary goal is data protection and privacy. We fund our mission through security services and bug bounties or discovery rewards. Much of our non-consulting research is not for profit. To learn more please see our PRIVACY POLICYCONTACT US
alert@securitydiscovery.com+1-601-907-4240
Media Requests- Business Inquiries – SolutionsRECENT POSTS
* Luxury Real Estate Firm Exposed Owner and Agent Data Online For Months, Later Wiped Out By Malicious Meow Bot * Hosting Provider Exposed 63 Million Records and User Passwords * Property Management Company Exposed 1.2 Million Records Online * AI Company Exposed 2.5 Million Records Including Medical Data of Auto Accident Victims Online * Home Loan Provider Exposed 695k Records Online Copyright 2020 | SECURITY DISCOVERY Consulting✓
Thanks for sharing!
AddToAny
More…
Details
Copyright © 2024 ArchiveBay.com. All rights reserved. Terms of Use | Privacy Policy | DMCA | 2021 | Feedback | Advertising | RSS 2.0