28 Jul 2020

Cosmetics Giant Avon Leaks 19 Million Records

Researchers have uncovered a misconfigured cloud server operated by cosmetics brand Avon, allowing the public to access more than 19 million records. SafetyDetectives researchers found the Elasticsearch database on an Azure server that had no password protection or encryption, meaning that anyone who had the server’s IP address could access

23 Jul 2020

Over 1500 Exposed Online Databases Wiped by “Meow” Attacker

Researcher Bob Diachenko discovered a new campaign consisting of 1500 online databases being wiped by an unknown attacker for no reason. The one similarity between the databases is that they were misconfigured and exposed to the public. Diachenko found a misconfigured database belonging to a company based in Hong Kong,

23 Jul 2020

Leak Exposes Private Data of Genealogy Service Users

Researchers at WizCase discovered a misconfigured ElasticSearch server that held the personal information of 60,000 Ancestry.com users. The data contained files belonging to Software MacKiev and was accidentally left open and unencrypted. The leak puts the customers at risk for cyberattack attempts, including fraud and phishing. The data set included

14 Jul 2020

Leaked Details of 142 Million MGM Hotel Guests Found for Sale on Dark Web

Last summer, the MGM Hotel chain was hit with a cyberattack that now appears to be more expansive than previously estimated. Researchers stumbled upon a database on a dark web market listing 142 million personal details from former guests at the MGM Resorts hotels. This is evidence that the data

06 Jul 2020

V Shred Exposes Pics and PII on 100,000 Customers

V Shred, a US-based fitness company, suffered from a massive data breach due to a misconfigured Amazon database that left sensitive personal data and revealing photos of 100,000 customers open to the public. The S3 bucket contained over 1.3 million individual files, according to vpnMentor who discovered the leak on

29 Jun 2020

A Popular Study Tool Accidentally Exposed Millions Of Student Records

vpnMentor researchers discovered a database that included the private information of over a million students. The database was improperly secured, leaving the data publicly accessible. vpnMentor states that the data belonged to OneClass, which is an application allowing students to share study guides, class notes, and other materials.

26 Jun 2020

Domestic Abuse Victims Exposed in Cloud Misconfiguration

A developer at Aspire News, an application run by US non-profit When Georgia Smiled, misconfigured an AWS bucket that resulted in personal information of domestic abuse victims being exposed. Researchers at vpnMentor found voice recordings between emergency distress responders and domestic violence victims stored in a publicly accessible AWS S3

22 Jun 2020

Data from 200 US police departments & fusion centers published online

On Friday, an activist group that describes itself as a transparency collective published 296GB of data that appears to have been stolen from US law enforcement agencies and fusion centers. The massive data leak has been named BlueLeaks and was published by the group Distributed Denial of Secrets (DDoSecrets). The

16 Jun 2020

Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More

In late May, two security researchers uncovered a collection of public Amazon Web Services buckets containing data from a variety of dating apps including 3somes, Cougary, Xpal, BBW dating, SurgarD, Herpes Dating, and others. The researchers found roughly 845 gigabytes of information and almost 2.5 million records representing data from

01 Jun 2020

Amtrak Guest Rewards Breach Affects Personal Info

Amtrak, also known as the National Railroad Passenger Corporation, has disclosed that it suffered a cyberattack in which a third party gained unauthorized access and stole customer data. Personal information and log-ins may have been stolen in the attack, which targeted Amtrak customers’ rewards accounts. The state-backed
