Recently I discovered a non-password protected database that contained a total of 170,239 records. The data contained details of medical workers, nurses, and caregivers. These employee profiles exposed names, phone, email, home addresses. The accounts also contained links to images of the employees,...
Recently I discovered a non-password protected database that contained 886,521,320 records. The total size of the dataset was 68.53 GB and contained medical related data. Upon further research there were multiple references to company called Deep6.AI including internal emails and usernames. We immed...
Porn Blocking App called BlockerX Suffered a data leak that may have potentially put vulnerable users at risk. On August 2nd, I discovered a non-password-protected database containing a large number of publicly exposed records. Among discovered data are user’s personal data, links to Amazon AW...
On December 1st, 2020 I discovered a non-password protected database that contained over 1.5 billion records. Inside the dataset were clear references to Comcast that included subdomains, urls, and internal IP addresses. The publicly visible records included dashboard permissions, logging, client IP...
Recently I discovered a large collection of what appeared to be records related to home loans. Upon further research the records were connected to Texas based Southwest Funding. On May 20th I discovered a publicly accessible database that contained a large amount of records. I was able to see inform...
On April 28th I discovered a dataset that contained what appeared to be customer information, payment references and was labeled as production data. There were links to sales records and links that identified the owner of the database was Lollicupstore. As soon as I could validate the data, I sent a...
Booking a hotel online is now so common that we consumers never give it a second thought when traveling. We enter our information, provide payment details and then cross our fingers. Unfortunately once we provide our data to a company or organization we no longer have control over how our personal d...
On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I could see audit logs that contained a large number of email addresses...
In October 2019 I discovered a database that contained 186,000 sales records and 40.4 million visitor IP addresses. From October 23rd, 2019 to January 13th, 2020 I sent multiple emails and left numerous voice messages. My messages were completely ignored and I can only assume based on their lack of ...
On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser. An estimated 1 million records* in the database contained information ab...