11 Jun 2021

Lax security around URL shortener exposed PII of US retailer Carter’s customer base

US retailer Carter’s has suffered from a data leak that exposed the personally identifiable information (PII) of hundreds of thousands of customers. However, unlike many data leaks, the incident was not the result of an unsecured bucket or misconfigured cloud storage system, rather the leak was caused by relaxed security

Read More
04 Jun 2021

‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles

An unprotected server hosting AMT Games user data has been discovered by security researchers at WizCase. The researchers found that the Elasticsearch server contained the personal data of 6 million players of AMT’s popular game Battle for the Galaxy. The server contained over 1 terabyte of unencrypted data, meaning that

Read More
25 May 2021

Air India Confirms Data of 4.5M Travelers Compromised

Air India has confirmed that a cyberattack led to the exposure of data belonging to roughly 4.5 million global passengers. According to the company, aviation IT provider SITA’s Passenger Service System was accessed by an unauthorized third party in early March. This system stores and processes all of the personal

Read More
20 May 2021

UHS Data Breach Lawsuit Proceeds

American healthcare provider Universal Health Services (UHS) is facing a lawsuit filed in 2020 over a data breach. The suit will proceed, but only for one of the affected patients, Stephen Motkowicz, who claims that his surgery was canceled as a result of a ransomware attack and subsequent data breach

Read More
07 May 2021

Misconfigured Database Exposes 200K Fake Amazon Reviewers

A misconfigured database has allegedly exposed a coordinated scheme by Amazon vendors to boost product ratings through utilizing fake accounts and reviews. Security researchers at SafetyDetectives located a China-based Elasticsearch server that was exposed to the public online, lacking any password protection or encryption. After looking further into the exposed

Read More
22 Apr 2021

Data Breach at New England’s Largest Energy Provider

On March 16, New England’s largest energy provider, Eversource, discovered that one of its cloud data storage folders was misconfigured, allowing anyone to access the files rather than protecting them. The folder was created in August 2019 and stored information in an unencrypted format, making the data breach a prolonged

Read More
13 Apr 2021

1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free

Security researchers have found an SQL file containing the personal data of 1.3 million Clubhouse users available on a hacker forum for free. The information in the file includes names, user IDs, photo URLs, number of followers, dates the accounts were created, profile information, who invited the user to the

Read More
12 Apr 2021

623M Payment Cards Stolen from Cybercrime Forum

According to Group-IB, a database containing stolen payment cards has been hit by hackers, who were able to lift the information off of the Swarmshop cyber-underground card market. The hackers leaked the information online, putting consumers in the US and across globe at risk for identity fraud, theft, and other

Read More
07 Apr 2021

Office Depot Configuration Error Exposes One Million Records

Researchers have found a misconfigured Easticsearch server belonging to Office Depot, a popular office supplies store chain. One million customers’ personal information was exposed on the misconfigured server, according to researchers. The database was not protected by a password and was initially found by a Website Planet team on March

Read More
07 Apr 2021

Data scraped from 500 million LinkedIn users found for sale online

A huge trove of LinkedIn data has been discovered on an online marketplace, exposing the IDs, names, email addresses, and personal details of 500 million users. Although the data may not seem harmful alone, it could be used to launch additional attacks on LinkedIn and specific users. The data set

Read More