Data Breach

Data Breach, database, mongodb May 3, 2019

AMC inadvertently exposed its subscribers database for Sundance Now and Shudder services

On May 1st I have discovered an unprotected and publicly available MongoDB instance which appeared to contain data related to AMC Networks’ premium streaming offerings – Sundance NOW and Shudder. Although no sensitive information was…

Like this story? Please share it!

Blog, Data Breach, elasticsearch April 29, 2019

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members

On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data…

Like this story? Please share it!

Blog, Data Breach, database, mongodb April 18, 2019

Iranian Ride-Hailing App Database Exposure

On April 18th, during our regular security audit of nonSql databases with BinaryEdge search engine, I have discovered an open and publicly available MongoDB instance which contained astonishingly sensitive information on Iranian drivers. Information was…

Like this story? Please share it!

Blog, Data Breach April 1, 2019

Large Privacy Breach In India: Millions of Pregnant Women Had Their Details Leaked

Medical data is among the most sensitive information that organizations can collect, store, or share. It is never a good idea to store medical data in plain text or leave it publicly accessible. The nightmare…

Like this story? Please share it!

Blog, Data Breach March 20, 2019

Spanish Gym Franchise Database Exposed By Partner’s Data Breach

On March 8th, 2019, I have identified a passwordless MongoDB database that was exposing sensitive information of an estimated 6,608 VivaGym job candidates and other business related data. VivaGym is a Spanish low-cost gym franchise…

Like this story? Please share it!

Blog, Data Breach March 19, 2019

NJ Based Home Health Radiology Services Leaked Nearly 40k Case Files

On March 1st I discovered a non-password protected database that contained what appeared to be medical case files. I immediately notified the organization that we suspected was responsible based on information found inside the database….

Like this story? Please share it!

Data Breach March 15, 2019

A legal analytics company exposed passwordless database with sensitive documents

On March 2nd, 2019, I have discovered an open and unprotected Elasticsearch cluster which contained 257,287 legal documents labeled as ‘not designated for publication‘. The research was part of our initiative to identify and alert organizations…

Like this story? Please share it!

Blog, Data Breach March 7, 2019

800+ Million Emails Leaked Online by Email Verification Service

On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number…

Like this story? Please share it!

Blog, Data Breach, world February 27, 2019

Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach

On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look…

Like this story? Please share it!

Blog, Data Breach February 21, 2019

Delhi Citizens Data Leak

On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals…

Like this story? Please share it!

Blog, Data Breach February 18, 2019

Human Resources and employee management provider CavinHR leaks 400,000+ files including their customer’s employee files and internal employees.

CavinHR had a data breach. Automation and technology is important to any business where time is money, but one thing to never overlook is cyber security. It is common knowledge in the business world that…

Like this story? Please share it!

Blog, Data Breach February 11, 2019

Large eAccounting Data Breach in Mexico

On January 22, 2019, we have identified a passwordless MongoDB database with almost 5 Million records labeled as CFDI (short for Comprobantes Fiscal Digital por Internet) – the electronic billing schema defined by the Mexican federal tax…

Like this story? Please share it!

Data Breach January 24, 2019

A LatAm telecom company inadvertently exposed payment info of its subscribers

On Nov 29th 2018 I have identified an unprotected Elasticsearch cluster, available for public access, via Shodan engine. It took me some time before I analyzed the data and noted that almost all payment information…

Like this story? Please share it!

Blog, Data Breach January 23, 2019

Document Management Company Left Credit Reports Online

On January 10th, I identified an unprotected Elasticsearch cluster which contained 51 GB of what appeared to be OCR (Optical character recognition) credit and mortgages reports, with total number of records in the database more…

Like this story? Please share it!

Blog, Data Breach January 21, 2019

The World’s Largest Youth-Run Organization Had a Data Breach

On January 11th, Bob Diachenko of SecurityDiscovery.com, identified another unprotected Elasticsearch instance which contained millions of records – this time related to AIESEC, “the world’s largest youth-run organization. According to Wikipedia the AIESEC network has…

Like this story? Please share it!

Blog, Data Breach January 11, 2019

Indonesian Phone and Content Provider Tri.co.id Leaks Millions of Records Online

On December 1st 2018 Bob Diachenko found a misconfigured database that has publicly exposed millions of user contacts, SMS, and call records that appear to belong to Tri.co.id. With over 260 million total records this…

Like this story? Please share it!

Blog, Data Breach December 10, 2018

The Howard Hughes Corporation Leaks Database Passwords

Researchers from SecurityDiscovery.com have found a security flaw in an Apache Airflow instance which allows anybody with an internet connection to view database credentials. It appears that the instance belongs to the Howard Hughes Corporation….

Like this story? Please share it!

Blog, Data Breach December 5, 2018

Marriott Hotels Reservation Database Exposes Data of 500 Million Guests

More Data More Problems This data breach will go down in the history books, not for how many customers’ records were exposed, but for the way Marriott fumbled the disclosure and resolution process. It seems…

Like this story? Please share it!

Blog, Data Breach November 9, 2018

Children’s charity Kars4Kids leaks info on thousands of donors, internal passwords online, and evidence of a ransom attack.

Kars4Kids is a charity that asks people to donate their cars, motorcycles, RVs, and real estate. They are most known for their nationwide advertising using their hypnotic theme song where a child and a Johny…

Like this story? Please share it!