On Sept 4th I have identified an open and unprotected Elasticsearch cluster containing sensitive details of customers of Calcioshop.it, popular […]
Mexican Online Bookstore Exposed Data – Again
On September 9th, I have discovered three (3) open and unprotected MongoDB instances which appeared to be part of Librería Porrúa, […]
Investment Research Company Exposed Subscribers, Credit Card Data, and Evidence of Ransomware
Way back in March, 2019 Security Discovery’s Bob Diachenko discovered a non-password protected database that contained 18,000 user names, mailing […]
Mattress Company Exposes 387k Customer Records Online
On September 5th I discovered a non-password protected database that contained 1 folder named “Customers”. Every file contained references to […]
Bold.com Exposed Its Internal Infrastructure
Bold.com, company behind popular solutions to help jobseekers find jobs, and help businesses find candidates – LiveCareer, Resume-Now, my Perfect Resume, Mighty […]
Auto Dealer Leads Network Exposed 198 Million Records Online
On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of […]
Fundraising Platform Exposes 7.5 Million Records Online
Online fundraising is a growing industry that has raised many billions of dollars for worthy causes from around the street […]
UK Property Preservation Company Has Data Exposed Online by 3rd Party
On July 30th I discovered an open database that contained 18,667 records including names, account numbers, transaction details, user credentials, […]
Home and Family Job Search Engine Exposed Its Database
FamilaFacil, a Madrid-based home and family job search platform, has exposed its MongoDB database with details on their users and […]
Microfinance Agency Exposed Thousands of Customer Records
In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. […]
Sex Sells! Spanish Chain of “Men’s Clubs” Exposed Its Database
On August 4th I discovered an open and unprotected MongoDB database which appeared to be part of a Spanish company […]
Leadership for Educational Equity Exposes 3.69 Million Members Online
On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I […]
Cheers – English Whiskey Club Leaked Info of 23,362 Members Online
On May 29th I discovered a database that contained what appeared to be a member list. Like most database names […]
Jana Small Finance Bank Exposed Millions of Records Online
On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon […]
GE Aviation exposed internal configs via open Jenkins instance
Back in June I decided to check how many open Jenkins instances are available for search and did additional parsing […]
The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all […]
London-based Marketplace Accidentally Exposed Personal Details of its Customers
In another MongoDB-related misconfiguration incident, a UK-based company exposed personal and payment data of several hundreds of its customers. On […]
Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online
On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on […]
Company Offering Unique Experiences, Wine Tours, and Kids’ Parties Exposes 212,220 Records Online
On May 11th I discovered a non password protected Elastic database that contained detailed customer records and leads or potential […]
Golf App Exposes 218k Users’ Data Online
On April 1st Bob Diachenko discovered a non-password protected Elastic database that appeared to contain millions of records detailing golf […]