Blog | Security Discovery

Mon Aug 12 2019 Data Breach Database Elasticsearch

Microfinance Agency Exposed Thousands of Customer Records

In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. […]

Bob Diachenko

Cyber Threat Intelligence Director

Thu Aug 08 2019 Data Breach Data Security Education

Sex Sells! Spanish Chain of “Men’s Clubs” Exposed Its Database

On August 4th I discovered an open and unprotected MongoDB database which appeared to be part of a Spanish company […]

Bob Diachenko

Cyber Threat Intelligence Director

Wed Aug 07 2019 Data Breach Database Elasticsearch

Leadership for Educational Equity Exposes 3.69 Million Members Online

Security Researchers discover millions of member names and addresses connected to Leadership for Educational Equity a Washington DC based non-profit

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

Mon Jul 29 2019 Data Security Education

Even randomized dummy data should be protected

A database belonging to online voting system provider Everyone Counts has been exposed, leaving what appears to be “randomized and […]

Bob Diachenko

Cyber Threat Intelligence Director

Thu Jul 25 2019 Data Breach Database Elasticsearch

Cheers – English Whiskey Club Leaked Info of 23,362 Members Online

Security Researchers find database of English Whisky Co of Ltd Norwich, UK. The database contained thousands of records and member data.

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

Tue Jul 23 2019 Data Breach Database Elasticsearch

Jana Small Finance Bank Exposed Millions of Records Online

Security Researched discovered massive data leak of Indian based Jana Small Finance Bank, Janalakshmi Financial Services.

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

Mon Jul 08 2019 Data Breach Data Security Education

GE Aviation exposed internal configs via open Jenkins instance

Back in June I decided to check how many open Jenkins instances are available for search and did additional parsing […]

Bob Diachenko

Cyber Threat Intelligence Director

Mon Jun 03 2019 Data Breach Elasticsearch

The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records

Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all […]

Bob Diachenko

Cyber Threat Intelligence Director

Wed May 29 2019 Data Breach

London-based Marketplace Accidentally Exposed Personal Details of its Customers

In another MongoDB-related misconfiguration incident, a UK-based company exposed personal and payment data of several hundreds of its customers. On […]

Bob Diachenko

Cyber Threat Intelligence Director

Tue May 28 2019 Data Breach Database Elasticsearch

Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online

Researchers found a non password protected database that contained millions of dating app records. Read more about the Chinese dating app data leak.

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

Mon May 27 2019 Data Breach Database Elasticsearch

Company Offering Unique Experiences, Wine Tours, and Kids’ Parties Exposes 212,220 Records Online

Melbourne, Australia based Amazingco exposed customer data online. Security Researcher has found more 174k customer files that were publicly accessible.

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

Tue May 21 2019 Data Breach Database Elasticsearch

Golf App Exposes 218k Users’ Data Online

Security Researchers discover millions of records that appear to belong to GAME GOLF Poitentaly sensitive files include 218k user accounts that were exposed

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

Mon May 13 2019 Data Breach Database Elasticsearch

Panama Citizens Massive Data Breach

On May 10th I identified a massive bulk of data sitting in an unprotected and publicly available Elasticsearch cluster (hence […]

Bob Diachenko

Cyber Threat Intelligence Director

Thu May 09 2019 Data Breach

Massive SMS Bombing Operation Uncovered In Passwordless Database

SMS marketing has been an increasing problem with the rise of scripts and applications and that send literally countless messages […]

Bob Diachenko

Cyber Threat Intelligence Director

Wed May 08 2019 Data Breach Database

Database With Millions of Indian Personal Records Exposed and Hijacked

On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information […]

Bob Diachenko

Cyber Threat Intelligence Director

Tue May 07 2019 Data Breach Elasticsearch

Burger King’s Online Shop for Kids Exposed Data

Kool King Shop, (https://www.koolkingshop.fr/), a French-only online shop for kids who purchased Burger King’s menus, had customers data exposed in […]

Bob Diachenko

Cyber Threat Intelligence Director

Fri May 03 2019 Data Breach Database

AMC inadvertently exposed its subscribers database for Sundance Now and Shudder services

On May 1st I have discovered an unprotected and publicly available MongoDB instance which appeared to contain data related to […]

Bob Diachenko

Cyber Threat Intelligence Director

Mon Apr 29 2019 Data Breach Elasticsearch

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members

SkyMed medical exposed thousands of members data online and there was evidence of ransomware inside the database. Medical data leak.

Jeremiah Fowler

Director of Security Research and Senior Communications Consultant

Thu Apr 18 2019 Data Breach Database

Iranian Ride-Hailing App Database Exposure

On April 18th, during our regular security audit of nonSql databases with BinaryEdge search engine, I have discovered an open […]

Bob Diachenko

Cyber Threat Intelligence Director

Tue Apr 02 2019 Database Elasticsearch

Massive Spam Operation Uncovered In A Database Leak

Sometimes databases are left wide open not only by legit companies, but misconfigured by malicious actors themselves. Last month I […]

Bob Diachenko

Cyber Threat Intelligence Director

Articles

Microfinance Agency Exposed Thousands of Customer Records

Sex Sells! Spanish Chain of “Men’s Clubs” Exposed Its Database

Leadership for Educational Equity Exposes 3.69 Million Members Online

Even randomized dummy data should be protected

Cheers – English Whiskey Club Leaked Info of 23,362 Members Online

Jana Small Finance Bank Exposed Millions of Records Online

GE Aviation exposed internal configs via open Jenkins instance

The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records

London-based Marketplace Accidentally Exposed Personal Details of its Customers

Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online

Company Offering Unique Experiences, Wine Tours, and Kids’ Parties Exposes 212,220 Records Online

Golf App Exposes 218k Users’ Data Online

Panama Citizens Massive Data Breach

Massive SMS Bombing Operation Uncovered In Passwordless Database

Database With Millions of Indian Personal Records Exposed and Hijacked

Burger King’s Online Shop for Kids Exposed Data

AMC inadvertently exposed its subscribers database for Sundance Now and Shudder services

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members

Iranian Ride-Hailing App Database Exposure

Massive Spam Operation Uncovered In A Database Leak