Blog

Blog, Data Breach, world February 27, 2019

Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach

On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look…

Like this story? Please share it!

Blog, Data Breach February 21, 2019

Delhi Citizens Data Leak

On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals…

Like this story? Please share it!

Blog, Data Breach February 18, 2019

Human Resources and employee management provider CavinHR leaks 400,000+ files including their customer’s employee files and internal employees.

CavinHR had a data breach. Automation and technology is important to any business where time is money, but one thing to never overlook is cyber security. It is common knowledge in the business world that…

Like this story? Please share it!

Blog, Data Breach February 11, 2019

Large eAccounting Data Breach in Mexico

On January 22, 2019, we have identified a passwordless MongoDB database with almost 5 Million records labeled as CFDI (short for Comprobantes Fiscal Digital por Internet) – the electronic billing schema defined by the Mexican federal tax…

Like this story? Please share it!

Blog, Data Breach January 23, 2019

Document Management Company Left Credit Reports Online

On January 10th, I identified an unprotected Elasticsearch cluster which contained 51 GB of what appeared to be OCR (Optical character recognition) credit and mortgages reports, with total number of records in the database more…

Like this story? Please share it!

Blog January 23, 2019

Hundreds of VOIP Phone Databases Left Exposed No Password Needed and Ready to be Exploited

VOIP is Voice over Internet Protocol and just as the name suggests it allows for the delivery of voice communications and multimedia over the internet. As a security researcher I find lots of interesting things…

Like this story? Please share it!

Blog, Data Breach January 21, 2019

The World’s Largest Youth-Run Organization Had a Data Breach

On January 11th, Bob Diachenko of SecurityDiscovery.com, identified another unprotected Elasticsearch instance which contained millions of records – this time related to AIESEC, “the world’s largest youth-run organization. According to Wikipedia the AIESEC network has…

Like this story? Please share it!

Blog, Data Breach January 11, 2019

Indonesian Phone and Content Provider Tri.co.id Leaks Millions of Records Online

On December 1st 2018 Bob Diachenko found a misconfigured database that has publicly exposed millions of user contacts, SMS, and call records that appear to belong to Tri.co.id. With over 260 million total records this…

Like this story? Please share it!

Blog, Data Breach December 10, 2018

The Howard Hughes Corporation Leaks Database Passwords

Researchers from SecurityDiscovery.com have found a security flaw in an Apache Airflow instance which allows anybody with an internet connection to view database credentials. It appears that the instance belongs to the Howard Hughes Corporation….

Like this story? Please share it!

Blog, Data Breach December 5, 2018

Marriott Hotels Reservation Database Exposes Data of 500 Million Guests

More Data More Problems This data breach will go down in the history books, not for how many customers’ records were exposed, but for the way Marriott fumbled the disclosure and resolution process. It seems…

Like this story? Please share it!

Blog, Data Breach November 9, 2018

Children’s charity Kars4Kids leaks info on thousands of donors, internal passwords online, and evidence of a ransom attack.

Kars4Kids is a charity that asks people to donate their cars, motorcycles, RVs, and real estate. They are most known for their nationwide advertising using their hypnotic theme song where a child and a Johny…

Like this story? Please share it!

Security Discovery

Cyber Security News & Consulting Services

Blog

Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach

Delhi Citizens Data Leak

Human Resources and employee management provider CavinHR leaks 400,000+ files including their customer’s employee files and internal employees.

Large eAccounting Data Breach in Mexico

Document Management Company Left Credit Reports Online

Hundreds of VOIP Phone Databases Left Exposed No Password Needed and Ready to be Exploited

The World’s Largest Youth-Run Organization Had a Data Breach

Indonesian Phone and Content Provider Tri.co.id Leaks Millions of Records Online

The Howard Hughes Corporation Leaks Database Passwords

Marriott Hotels Reservation Database Exposes Data of 500 Million Guests

Children’s charity Kars4Kids leaks info on thousands of donors, internal passwords online, and evidence of a ransom attack.