Researchers have uncovered a misconfigured cloud server operated by cosmetics brand Avon, allowing the public to access more than 19 million records. SafetyDetectives researchers found the Elasticsearch database on an Azure server that contained no password protection or encryption, meaning that anyone who has the server’s IP address could access

Researcher Bob Diachenko discovered a new campaign consisting of 1500 online databases being wiped by an unknown attacker for no reason. The one similarity between the databases is that they were misconfigured and exposed to the public. Diachenko found a misconfigured databased belonging to a company based in Hong Kong,

Researchers at WizCase discovered a misconfigured ElasticSearch server that held the personal information of 60,000 Ancestry.com users. The data contained files belonging to Software MacKiev and was accidentally left open and unencrypted. The leak puts the customers at risk for cyberattack attempts, including fraud and phishing. The data set included

Last summer, the MGM Hotel chain was hit with a cyberattack that now appears to be more expansive than previously estimated. Researchers stumbled upon a database on a dark web market listing 142 million personal details from former guests at the MGM Resorts hotels. This is evidence that the data

V Shred, a US-based fitness company, suffered from a massive data breach due to a misconfigured Amazon database that left sensitive personal data and revealing photos of 100,000 customers open to the public. The S3 bucket contained over 1.3 million individual files, according to vpnMentor who discovered the leak on

A database was discovered by vpnMentor researchers that included the private information of over a million students. The database was improperly secured, leaving the data publicly accessible. VpnMentor states that the data belonged to OneClass, which is an application allowing students to share study guides, class notes, and other materials.

A developer at Aspire News, an application run by US non-profit When Georgia Smiled, misconfigured an AWS bucket that resulted in personal information of domestic abuse victims being exposed. Researchers at vpnMentor found voice recordings between emergency distress responders and domestic violence victims stored in a publicly accessible AWS S3

On Friday, an activist group that describes itself as a transparency collective published 296GB of data that appears to have been stolen from US law enforcement agencies and fusion centers. The massive data leak has been named BlueLeaks and was published by the group Distributed Denial of Secrets (DDoSecrets). The

In late May, two security researchers uncovered a collection of public Amazon Web Services buckets containing data from a variety of dating apps including 3somes, Cougary, Xpal, BBW dating, SurgarD, Herpes Dating, and others. The researchers found roughly 845 gigabytes of information and almost 2.5 million records representing data from

Amtrak, also known as the National Railroad Passenger Corporation, has disclosed it suffered from a cyberattack in which customer data was stolen by unauthorized access to information by a third party. Personal information and log-ins may have been stolen after the attack, which targeted Amtrak customers’ rewards accounts. The state-backed