Security Discovery - Cyber Security News & Consulting Services

Blog, Data Breach April 6, 2021

Office Depot Exposed Customer Records Online

On March 3rd, 2021 I discovered a non-password protected Elasticsearch database that contained just under a million records. The exposed records were labeled as “Production” and contained customer names, phone, physical addresses and more. The…

Like this story? Please share it!

Blog, Data Breach, database, Fintech March 17, 2021

Microfinance Bank’s Fintech App Leaks Customer Accounts Online

On March 3rd I discovered a non-password protected database that contained 271k records. It was clear from the start that these were banking and financial transactions. Upon further investigation I was able to identify that…

Like this story? Please share it!

Blog, Data Security Education, featured, services March 1, 2021

Security Discovery Co-Founder Launches Service to Protect and Support Older People

Technology can often be considered both a gift and a curse for a growing population of older people. It can enhance the way we communicate with our friends, family, and loved ones. Technology makes it…

Like this story? Please share it!

Data Breach, database February 2, 2021

Comcast Exposed Development Database Online

On December 1st, 2020 I discovered a non-password protected database that contained over 1.5 billion records. Inside the dataset were clear references to Comcast that included subdomains, urls, and internal IP addresses. The publicly visible…

Like this story? Please share it!

Data Breach, database, IoT January 26, 2021

Smart Home Device Exposed 1 Billion Records Online Including User Data

On Jan 19th I discovered an exposed dataset that contained a massive 1.2 billion records and 1.1 million “Logged in Users”. This is one of the largest datasets I have found in a very long…

Like this story? Please share it!

Data Breach December 11, 2020

Fotor Photo Editing App Leaked 13 Million Users’ Info Online

On October 15th I discovered a non-password protected database that contained a large number of internal records. There was a total of more than 123 million records exposed that contained a combination of test and…

Like this story? Please share it!

Blog, Data Breach, database November 23, 2020

Luxury Real Estate Firm Exposed Owner and Agent Data Online For Months, Later Wiped Out By Malicious Meow Bot

On June 17th I discovered a dataset that contained a massive amount of records that were clearly related to a real estate and a home sale brokerage company. There were a total of 30.7 million…

Like this story? Please share it!

Blog, Data Breach September 22, 2020

Property Management Company Exposed 1.2 Million Records Online

In June 2020, I discovered a large amount of records that contained detailed information on property renters, visitors, commercials leases, and much more. Upon further research it was clear that this was some type of…

Like this story? Please share it!

Blog, Data Breach, Trending August 17, 2020

AI Company Exposed 2.5 Million Records Including Medical Data of Auto Accident Victims Online

In the ever-changing world of cyber security there are few types of records that are as valuable or sensitive as medical data. On July, 7th I discovered 2.5 million records that appeared to contain…

Like this story? Please share it!

Data Breach, database July 7, 2020

Home Loan Provider Exposed 695k Records Online

Recently I discovered a large collection of what appeared to be records related to home loans. Upon further research the records were connected to Texas based Southwest Funding. On May 20th I discovered a publicly…

Like this story? Please share it!

Data Breach, database June 26, 2020

Largest US Bubble Tea Supplier Exposed Data Online

On April 28th I discovered a dataset that contained what appeared to be customer information, payment references and was labeled as production data. There were links to sales records and links that identified the owner…

Like this story? Please share it!

Data Breach, elasticsearch May 25, 2020

Personal Details and IDs of Millions of Indian Families Exposed As A Result of Security Incident

On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for millions of families registered under Mukhya Mantri Parivar Samridhi Yojana (MMPSY), which is one of the…

Like this story? Please share it!

Blog, Data Breach, elasticsearch May 8, 2020

PADI Certified Divers Records Exposed in a Misconfiguration Incident

On May 6th I have identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based divers certified by PADI, Professional Association of Diving Instructions. Cluster contained 2,313,197 records with the…

Like this story? Please share it!

elasticsearch April 21, 2020

Energy Company in Poland Exposed Data of its Customers

On April 16th I have discovered an unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable information (PII). Upon closer examination, database appeared to be part of a cloud environment set…

Like this story? Please share it!

Blog, Data Security Education, spammers April 14, 2020

SMS Spam Operation Rebrands, Continues to Leak Customer Information

Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 63 million customer emails and phone numbers. Rocket Text, formerly known as ApexSMS, first…

Like this story? Please share it!

Blog, Data Breach, elasticsearch March 19, 2020

A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records

On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony…

Like this story? Please share it!

Blog, Data Breach, database March 2, 2020

Free Wifi User Data Exposed in Multiple UK Train Stations

On February 14th I discovered a non-password protected database that contained a massive amount of records totaling 146 million. Upon further review I was able to see connections to what appeared to be free wifi…

Like this story? Please share it!

Data Breach, database February 18, 2020

FairBridge Inn & Suites Exposed Customer Booking Platform

Booking a hotel online is now so common that we consumers never give it a second thought when traveling. We enter our information, provide payment details and then cross our fingers. Unfortunately once we provide…

Like this story? Please share it!

Blog, Data Breach, database, mongodb February 13, 2020

US non-profit for international study exposes private documents of thousands of students: report

The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database on the web containing thousands of logs and links to private student documents. The database…

Like this story? Please share it!