On May 23rd, another Elasticsearch misconfiguration incident led to the exposure of the personal details and Aadhar number for […]
PADI Certified Divers Records Exposed in a Misconfiguration Incident
On May 6th I identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based […]
Energy Company in Poland Exposed Data of its Customers
On April 16th I discovered an unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable […]
SMS Spam Operation Rebrands, Continues to Leak Customer Information
Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just […]
A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records
On March 16th I found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by […]
US non-profit for international study exposes private documents of thousands of students: report
The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database […]
Honda Exposes Vehicle Owner Records on the Web
On December 11th, 2019, I identified an open and unprotected Elasticsearch cluster with 976 million records which appeared […]
Whirlpool Exposed Database with Home Appliances Scan Results
On October 1st, I found a rather unusual web interface of Heartbeat monitoring service. The open and publicly available […]
Large Italian Online Shop Exposed Customers Details
On Sept 4th I identified an open and unprotected Elasticsearch cluster containing sensitive details of customers of Calcioshop.it, popular […]
Mexican Online Bookstore Exposed Data – Again
On September 9th, I discovered three (3) open and unprotected MongoDB instances which appeared to be part of Librería Porrúa, […]
Banking Trojan Database Exposed – Millions of Users At Risk
On July 5th I discovered two (!) open and publicly accessible MongoDB instances which appeared to be part of the […]
Bold.com Exposed Its Internal Infrastructure
Bold.com, the company behind popular solutions to help jobseekers find jobs, and help businesses find candidates – LiveCareer, Resume-Now, my Perfect Resume, Mighty […]
Gartner’s Legacy System Exposed Online
On August 14th I sent a responsible disclosure notice to Gartner, the world’s leading information technology research and advisory company, […]
Home and Family Job Search Engine Exposed Its Database
FamilaFacil, a Madrid-based home and family job search platform, has exposed its MongoDB database with details on their users and […]
Microfinance Agency Exposed Thousands of Customer Records
In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. […]
Sex Sells! Spanish Chain of “Men’s Clubs” Exposed Its Database
On August 4th I discovered an open and unprotected MongoDB database which appeared to be part of a Spanish company […]
Even randomized dummy data should be protected
A database belonging to online voting system provider Everyone Counts has been exposed, leaving what appears to be “randomized and […]
GE Aviation exposed internal configs via open Jenkins instance
Back in June I decided to check how many open Jenkins instances are available for search and did additional parsing […]
The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
Elasticsearch misconfigurations and related data incidents have become top news recently, even after Elastic introduced free security packs for all […]
London-based Marketplace Accidentally Exposed Personal Details of its Customers
In another MongoDB-related misconfiguration incident, a UK-based company exposed personal and payment data of several hundreds of its customers. On […]