In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. […]
Sex Sells! Spanish Chain of “Men’s Clubs” Exposed Its Database
On August 4th I discovered an open and unprotected MongoDB database which appeared to be part of a Spanish company […]
Leadership for Educational Equity Exposes 3.69 Million Members Online
On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I […]
Even randomized dummy data should be protected
A database belonging to online voting system provider Everyone Counts has been exposed, leaving what appears to be “randomized and […]
Cheers – English Whiskey Club Leaked Info of 23,362 Members Online
On May 29th I discovered a database that contained what appeared to be a member list. Like most database names […]
Jana Small Finance Bank Exposed Millions of Records Online
On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon […]
GE Aviation exposed internal configs via open Jenkins instance
Back in June I decided to check how many open Jenkins instances are available for search and did additional parsing […]
The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all […]
London-based Marketplace Accidentally Exposed Personal Details of its Customers
In another MongoDB-related misconfiguration incident, a UK-based company exposed personal and payment data of several hundreds of its customers. On […]
Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online
On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on […]
SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members
On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation […]
Iranian Ride-Hailing App Database Exposure
On April 18th, during our regular security audit of nonSql databases with BinaryEdge search engine, I have discovered an open […]
Massive Spam Operation Uncovered In A Database Leak
Sometimes databases are left wide open not only by legit companies, but misconfigured by malicious actors themselves. Last month I […]
Large Privacy Breach In India: Millions of Pregnant Women Had Their Details Leaked
Medical data is among the most sensitive information that organizations can collect, store, or share. It isĀ never a good […]
Auchan France Left Digital Keys Exposed
On March 21, 2019, I have discovered a publicly available service instance which appeared to contain credentials and login details […]
Spanish Gym Franchise Database Exposed By Partner’s Data Breach
On March 8th, 2019, I have identified a passwordless MongoDB database that was exposing sensitive information of an estimated 6,608 […]
NJ Based Home Health Radiology Services Leaked Nearly 40k Case Files
On March 1st I discovered a non-password protected database that contained what appeared to be medical case files. I immediately […]
800+ Million Emails Leaked Online by Email Verification Service
On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive […]
Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach
On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster […]
Delhi Citizens Data Leak
On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India […]