On May 10th I identified a massive bulk of data sitting in an unprotected and publicly available Elasticsearch cluster (hence […]
Massive SMS Bombing Operation Uncovered In Passwordless Database
SMS marketing has been an increasing problem with the rise of scripts and applications and that send literally countless messages […]
Database With Millions of Indian Personal Records Exposed and Hijacked
On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information […]
Burger King’s Online Shop for Kids Exposed Data
Kool King Shop, (https://www.koolkingshop.fr/), a French-only online shop for kids who purchased Burger King’s menus, had customers data exposed in […]
AMC inadvertently exposed its subscribers database for Sundance Now and Shudder services
On May 1st I have discovered an unprotected and publicly available MongoDB instance which appeared to contain data related to […]
SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members
On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation […]
Iranian Ride-Hailing App Database Exposure
On April 18th, during our regular security audit of nonSql databases with BinaryEdge search engine, I have discovered an open […]
Large Privacy Breach In India: Millions of Pregnant Women Had Their Details Leaked
Medical data is among the most sensitive information that organizations can collect, store, or share. It is never a good […]
Spanish Gym Franchise Database Exposed By Partner’s Data Breach
On March 8th, 2019, I have identified a passwordless MongoDB database that was exposing sensitive information of an estimated 6,608 […]
NJ Based Home Health Radiology Services Leaked Nearly 40k Case Files
On March 1st I discovered a non-password protected database that contained what appeared to be medical case files. I immediately […]
A legal analytics company exposed passwordless database with sensitive documents
On March 2nd, 2019, I have discovered an open and unprotected Elasticsearch cluster which contained 257,287 legal documents labeled as ‘not […]
800+ Million Emails Leaked Online by Email Verification Service
On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive […]
Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach
On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster […]
Delhi Citizens Data Leak
On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India […]
Human Resources and employee management provider CavinHR leaks 400,000+ files including their customer’s employee files and internal employees.
CavinHR had a data breach. Automation and technology is important to any business where time is money, but one thing […]
Large eAccounting Data Breach in Mexico
On January 22, 2019, we have identified a passwordless MongoDB database with almost 5 Million records labeled as CFDI (short […]
A LatAm telecom company inadvertently exposed payment info of its subscribers
On Nov 29th 2018 I have identified an unprotected Elasticsearch cluster, available for public access, via Shodan engine. It took […]
Document Management Company Left Credit Reports Online
On January 10th, I identified an unprotected Elasticsearch cluster which contained 51 GB of what appeared to be OCR (Optical […]
The World’s Largest Youth-Run Organization Had a Data Breach
On January 11th, Bob Diachenko of SecurityDiscovery.com, identified another unprotected Elasticsearch instance which contained millions of records – this time […]
Indonesian Phone and Content Provider Tri.co.id Leaks Millions of Records Online
On December 1st 2018 Bob Diachenko found a misconfigured database that has publicly exposed millions of user contacts, SMS, and […]