Health Website Leaks 8 Million COVID-19 Test Results
In India, a teenaged ethical hacker named Sourajeet Majumder uncovered a flawed endpoint associated with a health department in the state of Bengal that exposed eight million Covid-19 test results and personally identifiable information. The data leak, likely a human-related error, has exposed confidential health information for an entire geographic
Mobile Health Apps Found to Expose Records of Millions of Users
A recent analysis of 30 popular mobile health applications has concluded that many expose the full patient records to millions of people due to API vulnerabilities. The research was conducted by Alissa Night with Knight Ink, on behalf of mobile API protection firm Approov. The applications were still vulnerable to
Brazilian authorities start probe as 102 million consumers are exposed in new leak
Yesterday, Brazil’s National Data Protection Authority informed the public that it had launched an investigation into a massive data leak in which more than 102 million records were exposed. The leak marks the second largest of the year. The information exposed in the incident includes names, taxpayer registration numbers, phone
Misconfigured Cloud Server Exposes 66,000 Gamers
Roughly 30GB of data impacting tens of thousands of users has been exposed due to a misconfigured Elasticsearch server owned by popular gaming site VIPGames.com. The site has 100,000 Google Play downloads and boasts 20,000 active daily players globally. Researchers at WizCase found the server, which contained no encryption or
Nissan Source Code Leaked via Misconfigured Git Server
A misconfigured Git server has resulted in sensitive information pertaining to the company Nissan being leaked. The information exposed in the breach includes the source code of mobile apps, diagnostics tools, market research tools, and sensitive data. The Git server was left publicly exposed with a default username and basic
Misconfigured AWS Bucket Exposes Hundreds of Social Influencers
According to vpnMentor, a misconfigured amazon web services bucket has exposed the personal details of hundreds of social media influencers. This puts them at risk for fraud, harassment, and other safety threats. The AWS S3 bucket was left wide open with no encryption or password protection. VpnMentor found the site
Up to 350,000 Spotify Users Targeted by Credential Stuffers
Spotify users have been targeted by credential stuffers in a massive attack campaign discovered by a team at vpnMentor on July 3. According to vpnMentor, the database contained hundreds of millions of user records and was hosted on a completely unsecured Easticsearch server. The database contained 72GB of information, including
Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak
TronicsXchange, a US-based electronics retailer, has reportedly exposed over 2.6 million files. Website Planet researchers were the first to uncover the security snafu when they discovered a misconfigured AWS S3 bucket containing troves of sensitive information, including ID cards, fingerprints, and other biometric data. The bucket was found on October
Dating Site Bumble Leaves Swipes Unsecured for 100M Users
Popular dating site Bumble has accidentally exposed the personal information of 100 million users due to an API bug. Information disclosed includes political leanings, education, distance, height, weight, and other sensitive data that could be of interest to hackers or foreign adversaries. A researcher at Independent Security Evaluators discovered the
COVID-19 Data-Sharing App Leaked Healthcare Worker Info
An app used by healthcare workers in the Philippines has suffered from a data leak exposing sensitive patient data and credentials. The platform, COVID-KAYA, is widely used across the country to share data about COVID-19 cases. The application contained multiple critical flaws that left it vulnerable to data leaks or