On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for […]
PADI Certified Divers Records Exposed in a Misconfiguration Incident
On May 6th I have identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based […]
Energy Company in Poland Exposed Data of its Customers
On April 16th I have discovered an unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable […]
A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records
On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by […]
Honda Exposes Vehicle Owner Records on the Web
On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared […]
Prank Call Service PrankDial Exposed 138 Million Records Online
On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records […]
2.59 Million Credit Card Transactions Exposed –
Two data incidents just months apart from each other. Back in February 2019 I found a database that belonged to […]
Religious Website and Software Provider Leaks Customer and Credit Card Data for Many Months
Religious website service Clover Sites exposed customer data for at least 6-7 months and the dataset was found twice on […]
Large Italian Online Shop Exposed Customers Details
On Sept 4th I have identified an open and unprotected Elasticsearch cluster containing sensitive details of customers of Calcioshop.it, popular […]
Investment Research Company Exposed Subscribers, Credit Card Data, and Evidence of Ransomware
Way back in March, 2019 Security Discovery’s Bob Diachenko discovered a non-password protected database that contained 18,000 user names, mailing […]
Mattress Company Exposes 387k Customer Records Online
On September 5th I discovered a non-password protected database that contained 1 folder named “Customers”. Every file contained references to […]
Bold.com Exposed Its Internal Infrastructure
Bold.com, company behind popular solutions to help jobseekers find jobs, and help businesses find candidates – LiveCareer, Resume-Now, my Perfect Resume, Mighty […]
Auto Dealer Leads Network Exposed 198 Million Records Online
On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of […]
Gartner’s Legacy System Exposed Online
On August 14th I have sent a responsible disclosure notice to Gartner, the world’s leading information technology research and advisory company, […]
Fundraising Platform Exposes 7.5 Million Records Online
Online fundraising is a growing industry that has raised many billions of dollars for worthy causes from around the street […]
Microfinance Agency Exposed Thousands of Customer Records
In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. […]
Leadership for Educational Equity Exposes 3.69 Million Members Online
On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I […]
Cheers – English Whiskey Club Leaked Info of 23,362 Members Online
On May 29th I discovered a database that contained what appeared to be a member list. Like most database names […]
Jana Small Finance Bank Exposed Millions of Records Online
On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon […]
The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all […]