A British cybersecurity researcher uncovered his own personal data exposed online after discovering an unsecured database. The unprotected Elasticsearch database was found by Bob Diachenko, leader of security research at Comparitech, on August 22 of this year. Diachenko found 200GB of digital index records dating back a decade. The information

According to a statement released by Fortinet, credentials stolen from 87,000 unpatched SSL-VPNs have been posted to an online forum by former Babuk gang members for free. On Wednesday, BleepingComputer reported that it had been a miscommunication with a threat actor who leaked nearly half a million Fortinet VPN credentials.

Chinese game developer EskyFun Entertainment Network Limited accidentally exposed the personal and device details of over one million players after leaving an internet-facing server unsecured. Researchers at vpnMentor first discovered the unprotected Elasticsearch server on July 5. After no reply from the parent company, they contacted the Hong Kong CERT

According to reports from cybersecurity firm UpGuard, sensitive data including Covid-19 vaccination status, Social Security numbers, and email addresses have been exposed due to default configuration settings on Microsoft Power Apps. UpGaurd found that there were several different data leaks that, in total, exposed 38 million data records via Microsoft

In January, students at Brooklyn Technical High School reportedly uncovered a Google Drive containing sensitive documents uploaded by staff and students at schools across NYC. The documents included college recommendation letters, classwork, parent-teacher conference sign-up sheets, and more. The students raised the alarm on the data breach, which involved teachers’

Misconfigurations in Artwork Archive, a platform used to connect artists to potential buyers, allegedly led to a data leak in which the personally identifiable information (PII) of users was exposed. The WizCase team reported that they discovered a misconfigured Amazon S3 bucket belonging to the platform. The researchers stated that

Mercedez Benz has released further details of a data breach that impacts customers and prospective buyers located in the US. On June 11, the luxury carmaker stated that they were contacted by a vendor that information was accidentally made accessible on a cloud storage platform. A third-party researcher allegedly discovered

More than one billion records pertaining to customers at CVS have been exposed due to a misconfiguration error on the service’s cloud database. The database was left unprotected, without a password required to access the sensitive data. The leak was discovered by researcher Jeremiah Fowler, who determined the size of

US retailer Carter’s has suffered from a data leak that exposed the personally identifiable information (PII) of hundreds of thousands of customers. However, unlike many data leaks, the incident was not the result of an unsecured bucket or misconfigured cloud storage system, rather the leak was caused by relaxed security

An unprotected server hosting AMT Games user data has been discovered by security researchers at WizCase. The researchers found that the Elasticsearch server contained the personal data of 6 million players of AMT’s popular game Battle for the Galaxy. The server contained over 1 terabyte of unencrypted data, meaning that