database

Blog, Data Breach, database November 24, 2021

Digital Marketing Agency Exposed 92 Million Records Online Including Employee and Client Data.

Several months ago I discovered a non-password protected database that contained 92 million records. Upon further investigation it appeared to belong to the Cronin digital marketing agency. The exposed server was named “Cronin-Main” and many…

Like this story? Please share it!

Blog, Data Breach, database October 28, 2021

Medical AI Company Exposed Millions of Records Online

Recently I discovered a non-password protected database that contained 886,521,320 records. The total size of the dataset was 68.53 GB and contained medical related data. Upon further research there were multiple references to company called…

Like this story? Please share it!

Blog, Data Breach, database October 13, 2021

Enterprise software developer leaked 82 million records online

Recently I discovered a non-password-protected database that contained over 82 million records. The records had information that referenced multiple companies, including Whole Foods Market (owned by Amazon) and Skaggs public safety and uniform company that…

Like this story? Please share it!

Blog, Data Breach, database August 25, 2021

Porn Blocking App Exposed User Data Online

Porn Blocking App called BlockerX Suffered a data leak that may have potentially put vulnerable users at risk. On August 2nd, I discovered a non-password-protected database containing a large number of publicly exposed records. Among…

Like this story? Please share it!

Blog, Data Breach, database, Fintech March 17, 2021

Microfinance Bank’s Fintech App Leaks Customer Accounts Online

On March 3rd I discovered a non-password protected database that contained 271k records. It was clear from the start that these were banking and financial transactions. Upon further investigation I was able to identify that…

Like this story? Please share it!

Data Breach, database February 2, 2021

Comcast Exposed Development Database Online

On December 1st, 2020 I discovered a non-password protected database that contained over 1.5 billion records. Inside the dataset were clear references to Comcast that included subdomains, urls, and internal IP addresses. The publicly visible…

Like this story? Please share it!

Data Breach, database, IoT January 26, 2021

Smart Home Device Exposed 1 Billion Records Online Including User Data

On Jan 19th I discovered an exposed dataset that contained a massive 1.2 billion records and 1.1 million “Logged in Users”. This is one of the largest datasets I have found in a very long…

Like this story? Please share it!

Blog, Data Breach, database November 23, 2020

Luxury Real Estate Firm Exposed Owner and Agent Data Online For Months, Later Wiped Out By Malicious Meow Bot

On June 17th I discovered a dataset that contained a massive amount of records that were clearly related to a real estate and a home sale brokerage company. There were a total of 30.7 million…

Like this story? Please share it!

Data Breach, database July 7, 2020

Home Loan Provider Exposed 695k Records Online

Recently I discovered a large collection of what appeared to be records related to home loans. Upon further research the records were connected to Texas based Southwest Funding. On May 20th I discovered a publicly…

Like this story? Please share it!

Data Breach, database June 26, 2020

Largest US Bubble Tea Supplier Exposed Data Online

On April 28th I discovered a dataset that contained what appeared to be customer information, payment references and was labeled as production data. There were links to sales records and links that identified the owner…

Like this story? Please share it!

Blog, Data Breach, database March 2, 2020

Free Wifi User Data Exposed in Multiple UK Train Stations

On February 14th I discovered a non-password protected database that contained a massive amount of records totaling 146 million. Upon further review I was able to see connections to what appeared to be free wifi…

Like this story? Please share it!

Data Breach, database February 18, 2020

FairBridge Inn & Suites Exposed Customer Booking Platform

Booking a hotel online is now so common that we consumers never give it a second thought when traveling. We enter our information, provide payment details and then cross our fingers. Unfortunately once we provide…

Like this story? Please share it!

Blog, Data Breach, database, mongodb February 13, 2020

US non-profit for international study exposes private documents of thousands of students: report

The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database on the web containing thousands of logs and links to private student documents. The database…

Like this story? Please share it!

Blog, database, Uncategorized February 11, 2020

Estee Lauder Exposed 440 Million Records Online

On January 30th I discovered a non-password protected database that contained a massive amount of records totaling 440,336,852. Upon further review I was able to see connections to New York based cosmetic company Estée Lauder. I…

Like this story? Please share it!

Blog, Data Breach, database February 4, 2020

Pabbly Email Marketing Exposes 51.2 Million Records Online

Email marketing is big business and many companies rely on emails to keep in contact with their customers or potential customers. In the modern world of over priced pay per click ads targeted email marketing…

Like this story? Please share it!

Blog, Data Breach, database January 13, 2020

Online Eyewear Websites Expose Data of 186k Customers

In October 2019 I discovered a database that contained 186,000 sales records and 40.4 million visitor IP addresses. From October 23rd, 2019 to January 13th, 2020 I sent multiple emails and left numerous voice messages….

Like this story? Please share it!

Data Breach, database, elasticsearch December 18, 2019

Honda Exposes Vehicle Owner Records on the Web

On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser….

Like this story? Please share it!

Data Breach, database, elasticsearch, Uncategorized November 13, 2019

Prank Call Service PrankDial Exposed 138 Million Records Online

On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch October 28, 2019

2.59 Million Credit Card Transactions Exposed –

Two data incidents just months apart from each other. Back in February 2019 I found a database that belonged to a Nigerian based company. The first database contained over 8 million records. The representatives replied…

Like this story? Please share it!