August 26, 2024 at 09:07AM Nearly 2.7 TB of sensitive data, including invoices, contracts, HIPPA patient consent forms, belonging to various businesses, has been exposed due to a non-password protected database. The exposed files, traced by security researcher Jeremiah Fowler, belonged to ServiceBridge and contained personal information from numerous clients. The database has since been … Read more
July 16, 2024 at 02:01PM A threat actor exposed 15 million Trello email addresses by exploiting an unsecured API, selling the data for $2.32. Atlassian, Trello’s owner, acknowledged the issue and secured the API. This method of exploiting unsecured APIs is increasingly utilized, posing significant privacy risks. It’s crucial for organizations to prioritize API security … Read more
June 7, 2024 at 01:09PM Microsoft has responded to public pressure by changing the default settings for its Windows Recall feature on Copilot+ PCs. Following criticism about security and privacy risks, the company announced that the feature will now be off by default, with additional security measures such as encryption and user authentication requirements. Microsoft … Read more
May 13, 2024 at 10:19AM The Post Millennial and Human Events were hacked, exposing data of writers, editors, and subscribers. Have I Been Pwned added this data, including names, email addresses, passwords, and more, to their breach notification service. The source of the data is unclear. The affected sites have not issued statements, so subscribers … Read more
May 7, 2024 at 06:35AM UK-based physical security business Amberstone Security exposed nearly 1.3 million documents, including pictures of guards and suspected offenders, through a misconfigured public database. The exposed data raised concerns about personal privacy, public safety, and the integrity of security operations. After notification, Amberstone revoked public access to the database and initiated … Read more
March 19, 2024 at 06:18AM Google Firebase misconfiguration led to the leak of more than 125 million user records, including plaintext passwords. It began with the hacking of the Chattr AI hiring system, exposing names, phone numbers, emails, and sensitive details. Further exploration found 900 websites exposing data on a massive scale, impacting millions of … Read more
January 28, 2024 at 06:38PM CloudSEK discovered 750 million Indian mobile network subscribers’ records on the dark web, offered by two crime gangs for $3,000. The trove included names, phone numbers, addresses, and Aadhaar details. Samsung will use Baidu’s ERNIE model for its Galaxy S24 devices in China. Terraform Labs filed for Chapter 11 bankruptcy, … Read more
December 21, 2023 at 10:09AM Unprotected database belonging to Real Estate Wealth Network left accessible online for unknown duration. Discovered by Jeremiah Fowler, 1.16TB database contained 1.5B records, including property, tax, ownership, and personal information of millions, including celebrities and politicians. Real Estate Wealth Network responded by blocking public access and confirming ownership. Fowler warns … Read more