On October 5th I discovered a non-password protected database that contained a large amount of monitoring and system logs. There […]
Property Management Company Exposed 1.2 Million Records Online
In June 2020, I discovered a large amount of records that contained detailed information on property renters, visitors, commercials leases, […]
AI Company Exposed 2.5 Million Records Including Medical Data of Auto Accident Victims Online
In the ever-changing world of cyber security there are few types of records that are as valuable or sensitive […]
PADI Certified Divers Records Exposed in a Misconfiguration Incident
On May 6th I have identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based […]
SMS Spam Operation Rebrands, Continues to Leak Customer Information
Earlier this year, I discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just […]
A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records
On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by […]
Free Wifi User Data Exposed in Multiple UK Train Stations
On February 14th I discovered a non-password protected database that contained a massive amount of records totaling 146 million. Upon […]
US non-profit for international study exposes private documents of thousands of students: report
The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database […]
Estee Lauder Exposed 440 Million Records Online
On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review […]
Pabbly Email Marketing Exposes 51.2 Million Records Online
Email marketing is big business and many companies rely on emails to keep in contact with their customers or potential […]
Online Eyewear Websites Expose Data of 186k Customers
In October 2019 I discovered a database that contained 186,000 sales records and 40.4 million visitor IP addresses. From October […]
2.59 Million Credit Card Transactions Exposed –
Two data incidents just months apart from each other. Back in February 2019 I found a database that belonged to […]
Religious Website and Software Provider Leaks Customer and Credit Card Data for Many Months
Religious website service Clover Sites exposed customer data for at least 6-7 months and the dataset was found twice on […]
When Test Data is Not Test Data
There is a growing trend among organizations and companies to simply deny that live production data is real. As a […]
Investment Research Company Exposed Subscribers, Credit Card Data, and Evidence of Ransomware
Way back in March, 2019 Security Discovery’s Bob Diachenko discovered a non-password protected database that contained 18,000 user names, mailing […]
Mattress Company Exposes 387k Customer Records Online
On September 5th I discovered a non-password protected database that contained 1 folder named “Customers”. Every file contained references to […]
Auto Dealer Leads Network Exposed 198 Million Records Online
On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of […]
Fundraising Platform Exposes 7.5 Million Records Online
Online fundraising is a growing industry that has raised many billions of dollars for worthy causes from around the street […]
UK Property Preservation Company Has Data Exposed Online by 3rd Party
On July 30th I discovered an open database that contained 18,667 records including names, account numbers, transaction details, user credentials, […]
Home and Family Job Search Engine Exposed Its Database
FamilaFacil, a Madrid-based home and family job search platform, has exposed its MongoDB database with details on their users and […]