In India, a teenaged ethical hacker named Sourajeet Majumder uncovered a flawed endpoint associated with a health department in the state of Bengal that exposed eight million Covid-19 test results and personally identifiable information. The data leak, likely a human-related error, has exposed confidential health information for an entire geographic

A recent analysis of 30 popular mobile health applications has concluded that many expose the full patient records to millions of people due to API vulnerabilities. The research was conducted by Alissa Night with Knight Ink, on behalf of mobile API protection firm Approov. The applications were still vulnerable to

Yesterday, Brazil’s National Data Protection Authority informed the public that it had launched an investigation into a massive data leak in which more than 102 million records were exposed. The leak marks the second largest of the year. The information exposed in the incident includes names, taxpayer registration numbers, phone

Roughly 30GB of data impacting tens of thousands of users has been exposed due to a misconfigured Elasticsearch server owned by popular gaming site VIPGames.com. The site has 100,000 Google Play downloads and boasts 20,000 active daily players globally. Researchers at WizCase found the server, which contained no encryption or

A misconfigured Git server has resulted in sensitive information pertaining to the company Nissan being leaked. The information exposed in the breach includes the source code of mobile apps, diagnostics tools, market research tools, and sensitive data. The Git server was left publicly exposed with a default username and basic

According to vpnMentor, a misconfigured amazon web services bucket has exposed the personal details of hundreds of social media influencers. This puts them at risk for fraud, harassment, and other safety threats. The AWS S3 bucket was left wide open with no encryption or password protection. VpnMentor found the site

Spotify users have been targeted by credential stuffers in a massive attack campaign discovered by a team at vpnMentor on July 3. According to vpnMentor, the database contained hundreds of millions of user records and was hosted on a completely unsecured Easticsearch server. The database contained 72GB of information, including

TronicsXchange, a US-based electronics retailer, has reportedly exposed over 2.6 million files. Website Planet researchers were the first to uncover the security snafu when they discovered a misconfigured AWS S3 bucket containing troves of sensitive information, including ID cards, fingerprints, and other biometric data. The bucket was found on October

Popular dating site Bumble has accidentally exposed the personal information of 100 million users due to an API bug. Information disclosed includes political leanings, education, distance, height, weight, and other sensitive data that could be of interest to hackers or foreign adversaries. A researcher at Independent Security Evaluators discovered the

An app used by healthcare workers in the Philippines has suffered from a data leak exposing sensitive patient data and credentials. The platform, COVID-KAYA, is widely used across the country to share data about COVID-19 cases. The application contained multiple critical flaws that left it vulnerable to data leaks or