On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for […]

On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for […]
On May 6th I have identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based […]
On April 16th I have discovered an unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable […]
Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just […]
On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by […]
The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database […]
On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared […]
On October 1st, I have found a rather unusual web interface of Heartbeat monitoring service. The open and publicly available […]
On Sept 4th I have identified an open and unprotected Elasticsearch cluster containing sensitive details of customers of Calcioshop.it, popular […]
On September 9th, I have discovered three (3) open and unprotected MongoDB instances which appeared to be part of Librería Porrúa, […]
On July 5th I discovered two (!) open and publicly accessible MongoDB instances which appeared to be part of the […]
Bold.com, company behind popular solutions to help jobseekers find jobs, and help businesses find candidates – LiveCareer, Resume-Now, my Perfect Resume, Mighty […]
On August 14th I have sent a responsible disclosure notice to Gartner, the world’s leading information technology research and advisory company, […]
FamilaFacil, a Madrid-based home and family job search platform, has exposed its MongoDB database with details on their users and […]
In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. […]
On August 4th I discovered an open and unprotected MongoDB database which appeared to be part of a Spanish company […]
A database belonging to online voting system provider Everyone Counts has been exposed, leaving what appears to be “randomized and […]
Back in June I decided to check how many open Jenkins instances are available for search and did additional parsing […]
Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all […]
In another MongoDB-related misconfiguration incident, a UK-based company exposed personal and payment data of several hundreds of its customers. On […]