Articles by Jeremiah Fowler

Blog, Data Breach, database, elasticsearch August 7, 2019

Leadership for Educational Equity Exposes 3.69 Million Members Online

On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I knew this information should not be publicly accessible and began trying to identify the ownership….

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch July 25, 2019

Cheers – English Whiskey Club Leaked Info of 23,362 Members Online

On May 29th I discovered a database that contained what appeared to be a member list. Like most database names that do not clearly identify the ownership, this one was named Martha Johansson. I assume…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch July 23, 2019

Jana Small Finance Bank Exposed Millions of Records Online

On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon further research I was able to connect the data to an Indian based microfinance bank…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch May 28, 2019

Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online

On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and…

Like this story? Please share it!

Data Breach, database, elasticsearch May 27, 2019

Company Offering Unique Experiences, Wine Tours, and Kids’ Parties Exposes 212,220 Records Online

On May 11th I discovered a non password protected Elastic database that contained detailed customer records and leads or potential customers. Upon further investigation of the data it appeared to belong to an Australian based…

Like this story? Please share it!

Data Breach, database, elasticsearch May 21, 2019

Golf App Exposes 218k Users’ Data Online

On April 1st Bob Diachenko discovered a non-password protected Elastic database that appeared to contain millions of records detailing golf games, courses, messages, and other player data. Upon further investigation there were many references to GAME…

Like this story? Please share it!

Blog, Data Breach, elasticsearch April 29, 2019

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members

On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data…

Like this story? Please share it!

Blog, Data Breach March 19, 2019

NJ Based Home Health Radiology Services Leaked Nearly 40k Case Files

On March 1st I discovered a non-password protected database that contained what appeared to be medical case files. I immediately notified the organization that we suspected was responsible based on information found inside the database….

Like this story? Please share it!

Blog, Data Breach February 18, 2019

Human Resources and employee management provider CavinHR leaks 400,000+ files including their customer’s employee files and internal employees.

CavinHR had a data breach. Automation and technology is important to any business where time is money, but one thing to never overlook is cyber security. It is common knowledge in the business world that…

Like this story? Please share it!

Data Security Education February 6, 2019

Data Breaches by Insiders, Are You at Risk?

An astonishing 1 in 4 data breaches happen because of someone inside the organization and not a malicious actor. In 2018 a data breach report by Verizon found that 25% of attacks were made by…

Like this story? Please share it!

Blog January 23, 2019

Hundreds of VOIP Phone Databases Left Exposed No Password Needed and Ready to be Exploited

VOIP is Voice over Internet Protocol and just as the name suggests it allows for the delivery of voice communications and multimedia over the internet. As a security researcher I find lots of interesting things…

Like this story? Please share it!

Data Security Education January 16, 2019

What to do after a data breach

Two words no one wants to hear are “data breach”. It can not only be a nightmare for your reputation but could also result in fines or legal trouble. So the reality is no one…

Like this story? Please share it!

Blog, Data Breach December 5, 2018

Marriott Hotels Reservation Database Exposes Data of 500 Million Guests

More Data More Problems This data breach will go down in the history books, not for how many customers’ records were exposed, but for the way Marriott fumbled the disclosure and resolution process. It seems…

Like this story? Please share it!

Data Security Education November 13, 2018

Top 10 Steps to prevent a Data Breach

Today more than ever we live in a digital world that changes faster than we can protect the files and data we have stored. There is no silver bullet or magic solution to preventing…

Like this story? Please share it!

Data Security Education November 2, 2018

The Shocking Cost of a Data Breach to Small and Medium Sized Businesses

Small Businesses Are Under Attack now more than ever before. Let’s face it the tech giants have the resources to focus on the data security of their customers and users. Even though they spend millions…

Like this story? Please share it!

Data Security Education November 2, 2018

Can Your Business Survive? The Average Cost of a Data Breach is $7.35 million

A data breach can devastate a business or private entity unlike anything else. It is estimated that over 50% of U.S. businesses have had some form of a cyber attack in the past year. The…

Like this story? Please share it!

Data Security Education November 2, 2018

The Real Value of a Breach Discovery Bounty

What is a Breach Discovery Bounty? You may have heard of a “Bug Bounty” before? It is a program offered by many websites and software developers pay compensation for reporting bugs, especially those pertaining to…

Like this story? Please share it!