Delhi Citizens Data Leak

On Feb 19, 2019, I discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals…

Large eAccounting Data Breach in Mexico

On January 22, 2019, we identified a passwordless MongoDB database with almost 5 million records labeled as CFDI (short for Comprobantes Fiscal Digital por Internet) – the electronic billing schema defined by the Mexican federal tax…

Document Management Company Left Credit Reports Online

On January 10th, I identified an unprotected Elasticsearch cluster which contained 51 GB of what appeared to be OCR (optical character recognition) credit and mortgage reports, with the total number of records in the database more…

The World’s Largest Youth-Run Organization Had a Data Breach

On January 11th, Bob Diachenko of SecurityDiscovery.com identified another unprotected Elasticsearch instance which contained millions of records – this time related to AIESEC, “the world’s largest youth-run organization.” According to Wikipedia, the AIESEC network has…

What to do after a data breach

Two words no one wants to hear are “data breach”. It can not only be a nightmare for your reputation but could also result in fines or legal trouble. So the reality is no one…

The Howard Hughes Corporation Leaks Database Passwords

Researchers from SecurityDiscovery.com have found a security flaw in an Apache Airflow instance which allows anybody with an internet connection to view database credentials. It appears that the instance belongs to the Howard Hughes Corporation….

Top 10 Steps to prevent a Data Breach

Today more than ever we live in a digital world that changes faster than we can protect the files and data we have stored. There is no silver bullet or magic solution to preventing…

The Real Value of a Breach Discovery Bounty

What is a Breach Discovery Bounty? You may have heard of a “Bug Bounty” before. It is a program offered by many websites and software developers to pay compensation for reporting bugs, especially those pertaining to…
