On June 17th I discovered a dataset that contained a massive amount of records that were clearly related to a […]
Hosting Provider Exposed 63 Million Records and User Passwords
On October 5th I discovered a non-password protected database that contained a large amount of monitoring and system logs. There […]
Property Management Company Exposed 1.2 Million Records Online
In June 2020, I discovered a large amount of records that contained detailed information on property renters, visitors, commercials leases, […]
AI Company Exposed 2.5 Million Records Including Medical Data of Auto Accident Victims Online
In the ever-changing world of cyber security there are few types of records that are as valuable or sensitive […]
Home Loan Provider Exposed 695k Records Online
Recently I discovered a large collection of what appeared to be records related to home loans. Upon further research the […]
Largest US Bubble Tea Supplier Exposed Data Online
On April 28th I discovered a dataset that contained what appeared to be customer information, payment references and was labeled […]
Personal Details and IDs of Millions of Indian Families Exposed As A Result of Security Incident
On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number forĀ […]
PADI Certified Divers Records Exposed in a Misconfiguration Incident
On May 6th I have identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based […]
A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records
On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by […]
Free Wifi User Data Exposed in Multiple UK Train Stations
On February 14th I discovered a non-password protected database that contained a massive amount of records totaling 146 million. Upon […]
FairBridge Inn & Suites Exposed Customer Booking Platform
Booking a hotel online is now so common that we consumers never give it a second thought when traveling. We […]
US non-profit for international study exposes private documents of thousands of students: report
The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database […]
Pabbly Email Marketing Exposes 51.2 Million Records Online
Email marketing is big business and many companies rely on emails to keep in contact with their customers or potential […]
Online Eyewear Websites Expose Data of 186k Customers
In October 2019 I discovered a database that contained 186,000 sales records and 40.4 million visitor IP addresses. From October […]
Honda Exposes Vehicle Owner Records on the Web
On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared […]
Prank Call Service PrankDial Exposed 138 Million Records Online
On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records […]
2.59 Million Credit Card Transactions Exposed –
Two data incidents just months apart from each other. Back in February 2019 I found a database that belonged to […]
Religious Website and Software Provider Leaks Customer and Credit Card Data for Many Months
Religious website service Clover Sites exposed customer data for at least 6-7 months and the dataset was found twice on […]
Whirlpool Exposed Database with Home Appliances Scan Results
On October 1st, I have found a rather unusual web interface of Heartbeat monitoring service. The open and publicly available […]
When Test Data is Not Test Data
There is a growing trend among organizations and companies to simply deny that live production data is real. As a […]