22 Sep 2021

Data of 106 Million Visitors to Thailand Breached

A British cybersecurity researcher uncovered his own personal data exposed online after discovering an unsecured database. The unprotected Elasticsearch database was found by Bob Diachenko, leader of security research at Comparitech, on August 22 of this year. Diachenko found 200GB of digital index records dating back a decade. The information

Read More
10 Sep 2021

Thousands of Fortinet VPN Account Credentials Leaked

According to a statement released by Fortinet, credentials stolen from 87,000 unpatched SSL-VPNs have been posted to an online forum by former Babuk gang members for free. On Wednesday, BleepingComputer reported that it had been a miscommunication with a threat actor who leaked nearly half a million Fortinet VPN credentials.

Read More
27 Aug 2021

Chinese Developer Exposes Data on Over One Million Gamers

Chinese game developer EskyFun Entertainment Network Limited accidentally exposed the personal and device details of over one million players after leaving an internet-facing server unsecured. Researchers at vpnMentor first discovered the unprotected Elasticsearch server on July 5. After no reply from the parent company, they contacted the Hong Kong CERT

Read More
24 Aug 2021

Microsoft Power Apps misconfiguration exposes 38 million data records

According to reports from cybersecurity firm UpGuard, sensitive data including Covid-19 vaccination status, Social Security numbers, and email addresses have been exposed due to default configuration settings on Microsoft Power Apps. UpGaurd found that there were several different data leaks that, in total, exposed 38 million data records via Microsoft

Read More
23 Aug 2021

NYC Teachers’ Social Security Numbers Exposed

In January, students at Brooklyn Technical High School reportedly uncovered a Google Drive containing sensitive documents uploaded by staff and students at schools across NYC. The documents included college recommendation letters, classwork, parent-teacher conference sign-up sheets, and more. The students raised the alarm on the data breach, which involved teachers’

Read More
16 Jul 2021

Artwork Archive cloud storage misconfiguration exposed user data, revenue records

Misconfigurations in Artwork Archive, a platform used to connect artists to potential buyers, allegedly led to a data leak in which the personally identifiable information (PII) of users was exposed. The WizCase team reported that they discovered a misconfigured Amazon S3 bucket belonging to the platform. The researchers stated that

Read More
28 Jun 2021

Mercedes Benz Data Leak Includes Card and Social Security Details

Mercedez Benz has released further details of a data breach that impacts customers and prospective buyers located in the US. On June 11, the luxury carmaker stated that they were contacted by a vendor that information was accidentally made accessible on a cloud storage platform. A third-party researcher allegedly discovered

Read More
18 Jun 2021

A Billion CVS Records Exposed

More than one billion records pertaining to customers at CVS have been exposed due to a misconfiguration error on the service’s cloud database. The database was left unprotected, without a password required to access the sensitive data. The leak was discovered by researcher Jeremiah Fowler, who determined the size of

Read More
11 Jun 2021

Lax security around URL shortener exposed PII of US retailer Carter’s customer base

US retailer Carter’s has suffered from a data leak that exposed the personally identifiable information (PII) of hundreds of thousands of customers. However, unlike many data leaks, the incident was not the result of an unsecured bucket or misconfigured cloud storage system, rather the leak was caused by relaxed security

Read More
04 Jun 2021

‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles

An unprotected server hosting AMT Games user data has been discovered by security researchers at WizCase. The researchers found that the Elasticsearch server contained the personal data of 6 million players of AMT’s popular game Battle for the Galaxy. The server contained over 1 terabyte of unencrypted data, meaning that

Read More