Articles by Jeremiah Fowler

Data Breach, database, elasticsearch, Uncategorized November 13, 2019

Prank Call Service PrankDial Exposed 138 Million Records Online

On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch October 28, 2019

2.59 Million Credit Card Transactions Exposed – Electronic Settlements Limited

Two massive data incidents just months apart from each other. Back in February 2019 I found a database that belonged to Nigerian based Electronic Settlements Limited / CashEnvoy. The first database contained over 8 million…

Like this story? Please share it!

Blog, Data Breach, elasticsearch October 22, 2019

Religious Website and Software Provider Leaks Customer and Credit Card Data for Many Months

Religious website service Clover Sites exposed customer data for at least 6-7 months and the dataset was found twice on two separate databases. On May 22nd I discovered and reported a data exposure incident involving…

Like this story? Please share it!

Blog, Data Breach, Data Security Education October 11, 2019

When Test Data is Not Test Data

There is a growing trend among organizations and companies to simply deny that live production data is real. As a security researcher I often hear that everyone is a small start-up and all data is…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch, Uncategorized September 19, 2019

Mattress Company Exposes 387k Customer Records Online

On September 5th I discovered a non-password protected database that contained 1 folder named “Customers”. Every file contained references to Verlo Mattress Factory and appeared to be customer data. Upon further investigation there were indications…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch September 11, 2019

Auto Dealer Leads Network Exposed 198 Million Records Online

On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of 198 million records. The most shocking part was that I had seen this dataset several…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch, Uncategorized August 23, 2019

Fundraising Platform Exposes 7.5 Million Records Online

Online fundraising is a growing industry that has raised many billions of dollars for worthy causes from around the street to around the world. The concept of small donations from many people can have a…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch August 7, 2019

Leadership for Educational Equity Exposes 3.69 Million Members Online

On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I knew this information should not be publicly accessible and began trying to identify the ownership….

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch July 25, 2019

Cheers – English Whiskey Club Leaked Info of 23,362 Members Online

On May 29th I discovered a database that contained what appeared to be a member list. Like most database names that do not clearly identify the ownership, this one was named Martha Johansson. I assume…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch July 23, 2019

Jana Small Finance Bank Exposed Millions of Records Online

On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon further research I was able to connect the data to an Indian based microfinance bank…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch May 28, 2019

Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online

On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and…

Like this story? Please share it!

Data Breach, database, elasticsearch May 27, 2019

Company Offering Unique Experiences, Wine Tours, and Kids’ Parties Exposes 212,220 Records Online

On May 11th I discovered a non password protected Elastic database that contained detailed customer records and leads or potential customers. Upon further investigation of the data it appeared to belong to an Australian based…

Like this story? Please share it!

Data Breach, database, elasticsearch May 21, 2019

Golf App Exposes 218k Users’ Data Online

On April 1st Bob Diachenko discovered a non-password protected Elastic database that appeared to contain millions of records detailing golf games, courses, messages, and other player data. Upon further investigation there were many references to GAME…

Like this story? Please share it!

Blog, Data Breach, elasticsearch April 29, 2019

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members

On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data…

Like this story? Please share it!

Blog, Data Breach March 19, 2019

NJ Based Home Health Radiology Services Leaked Nearly 40k Case Files

On March 1st I discovered a non-password protected database that contained what appeared to be medical case files. I immediately notified the organization that we suspected was responsible based on information found inside the database….

Like this story? Please share it!

Blog, Data Breach February 18, 2019

Human Resources and employee management provider CavinHR leaks 400,000+ files including their customer’s employee files and internal employees.

CavinHR had a data breach. Automation and technology is important to any business where time is money, but one thing to never overlook is cyber security. It is common knowledge in the business world that…

Like this story? Please share it!

Data Security Education February 6, 2019

Data Breaches by Insiders, Are You at Risk?

An astonishing 1 in 4 data breaches happen because of someone inside the organization and not a malicious actor. In 2018 a data breach report by Verizon found that 25% of attacks were made by…

Like this story? Please share it!

Blog January 23, 2019

Hundreds of VOIP Phone Databases Left Exposed No Password Needed and Ready to be Exploited

VOIP is Voice over Internet Protocol and just as the name suggests it allows for the delivery of voice communications and multimedia over the internet. As a security researcher I find lots of interesting things…

Like this story? Please share it!

Data Security Education January 16, 2019

What to do after a data breach

Two words no one wants to hear are “data breach”. It can not only be a nightmare for your reputation but could also result in fines or legal trouble. So the reality is no one…

Like this story? Please share it!

Blog, Data Breach December 5, 2018

Marriott Hotels Reservation Database Exposes Data of 500 Million Guests

More Data More Problems This data breach will go down in the history books, not for how many customers’ records were exposed, but for the way Marriott fumbled the disclosure and resolution process. It seems…

Like this story? Please share it!