On February 14th I discovered a non-password protected database that contained a massive amount of records totaling 146 million. Upon […]
US non-profit for international study exposes private documents of thousands of students: report
The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database […]
Estee Lauder Exposed 440 Million Records Online
On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review […]
Pabbly Email Marketing Exposes 51.2 Million Records Online
Email marketing is big business and many companies rely on emails to keep in contact with their customers or potential […]
Online Eyewear Websites Expose Data of 186k Customers
In October 2019 I discovered a database that contained 186,000 sales records and 40.4 million visitor IP addresses. From October […]
2.59 Million Credit Card Transactions Exposed –
Two data incidents just months apart from each other. Back in February 2019 I found a database that belonged to […]
Religious Website and Software Provider Leaks Customer and Credit Card Data for Many Months
Religious website service Clover Sites exposed customer data for at least 6-7 months and the dataset was found twice on […]
When Test Data is Not Test Data
There is a growing trend among organizations and companies to simply deny that live production data is real. As a […]
Investment Research Company Exposed Subscribers, Credit Card Data, and Evidence of Ransomware
Way back in March, 2019 Security Discovery’s Bob Diachenko discovered a non-password protected database that contained 18,000 user names, mailing […]
Mattress Company Exposes 387k Customer Records Online
On September 5th I discovered a non-password protected database that contained 1 folder named “Customers”. Every file contained references to […]
Auto Dealer Leads Network Exposed 198 Million Records Online
On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of […]
Fundraising Platform Exposes 7.5 Million Records Online
Online fundraising is a growing industry that has raised many billions of dollars for worthy causes from around the street […]
UK Property Preservation Company Has Data Exposed Online by 3rd Party
On July 30th I discovered an open database that contained 18,667 records including names, account numbers, transaction details, user credentials, […]
Home and Family Job Search Engine Exposed Its Database
FamilaFacil, a Madrid-based home and family job search platform, has exposed its MongoDB database with details on their users and […]
Microfinance Agency Exposed Thousands of Customer Records
In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. […]
Sex Sells! Spanish Chain of “Men’s Clubs” Exposed Its Database
On August 4th I discovered an open and unprotected MongoDB database which appeared to be part of a Spanish company […]
Leadership for Educational Equity Exposes 3.69 Million Members Online
On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I […]
Even randomized dummy data should be protected
A database belonging to online voting system provider Everyone Counts has been exposed, leaving what appears to be “randomized and […]
Cheers – English Whiskey Club Leaked Info of 23,362 Members Online
On May 29th I discovered a database that contained what appeared to be a member list. Like most database names […]
Jana Small Finance Bank Exposed Millions of Records Online
On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon […]