Energy Company in Poland Exposed Data of its Customers

On April 16th I have discovered an unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable information (PII). Upon closer examination, database appeared to be part of a cloud environment set…

Like this story? Please share it!






Estee Lauder Exposed 440 Million Records Online

On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I…

Like this story? Please share it!









Large Italian Online Shop Exposed Customers Details

On Sept 4th I have identified an open and unprotected Elasticsearch cluster containing sensitive details of customers of Calcioshop.it, popular online shop in Italy for football accessories. Database contained 408,995 records with information about Calcioshop customer…

Like this story? Please share it!

Mexican Online Bookstore Exposed Data – Again

On September 9th, I have discovered three (3) open and unprotected MongoDB instances which appeared to be part of Librería Porrúa, a long-established bookseller based in Mexico. This case would have been left unnoticed if I…

Like this story? Please share it!