26 Feb 2021

Health Website Leaks 8 Million COVID-19 Test Results

In India, a teenaged ethical hacker named Sourajeet Majumder uncovered a flawed endpoint associated with a health department in the state of Bengal that exposed eight million COVID-19 test results and personally identifiable information. The data leak, likely a human-related error, has exposed confidential health information for an entire geographic

12 Feb 2021

Mobile Health Apps Found to Expose Records of Millions of Users

A recent analysis of 30 popular mobile health applications has concluded that many expose the full patient records to millions of people due to API vulnerabilities. The research was conducted by Alissa Knight with Knight Ink, on behalf of mobile API protection firm Approov. The applications were still vulnerable to

12 Feb 2021

Brazilian authorities start probe as 102 million consumers are exposed in new leak

Yesterday, Brazil’s National Data Protection Authority informed the public that it had launched an investigation into a massive data leak in which more than 102 million records were exposed. The leak marks the second largest of the year. The information exposed in the incident includes names, taxpayer registration numbers, phone

26 Jan 2021

Misconfigured Cloud Server Exposes 66,000 Gamers

Roughly 30GB of data impacting tens of thousands of users has been exposed due to a misconfigured Elasticsearch server owned by popular gaming site VIPGames.com. The site has 100,000 Google Play downloads and boasts 20,000 active daily players globally. Researchers at WizCase found the server, which contained no encryption or

07 Jan 2021

Nissan Source Code Leaked via Misconfigured Git Server

A misconfigured Git server has resulted in sensitive information pertaining to the company Nissan being leaked. The information exposed in the breach includes the source code of mobile apps, diagnostics tools, market research tools, and sensitive data. The Git server was left publicly exposed with a default username and basic

30 Dec 2020

Misconfigured AWS Bucket Exposes Hundreds of Social Influencers

According to vpnMentor, a misconfigured Amazon Web Services bucket has exposed the personal details of hundreds of social media influencers. This puts them at risk for fraud, harassment, and other safety threats. The AWS S3 bucket was left wide open with no encryption or password protection. VpnMentor found the site

24 Nov 2020

Up to 350,000 Spotify Users Targeted by Credential Stuffers

Spotify users have been targeted by credential stuffers in a massive attack campaign discovered by a team at vpnMentor on July 3. According to vpnMentor, the database contained hundreds of millions of user records and was hosted on a completely unsecured Elasticsearch server. The database contained 72GB of information, including

18 Nov 2020

Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak

TronicsXchange, a US-based electronics retailer, has reportedly exposed over 2.6 million files. Website Planet researchers were the first to uncover the security snafu when they discovered a misconfigured AWS S3 bucket containing troves of sensitive information, including ID cards, fingerprints, and other biometric data. The bucket was found on October

17 Nov 2020

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Popular dating site Bumble has accidentally exposed the personal information of 100 million users due to an API bug. Information disclosed includes political leanings, education, distance, height, weight, and other sensitive data that could be of interest to hackers or foreign adversaries. A researcher at Independent Security Evaluators discovered the

11 Nov 2020

COVID-19 Data-Sharing App Leaked Healthcare Worker Info

An app used by healthcare workers in the Philippines has suffered from a data leak exposing sensitive patient data and credentials. The platform, COVID-KAYA, is widely used across the country to share data about COVID-19 cases. The application contained multiple critical flaws that left it vulnerable to data leaks or
