DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Indian onlinebloodbank FINALLY secures exposed donors database

Posted on November 19, 2019 by Dissent

It’s been a frustrating matter, but it may finally be resolved, thanks to the individual known as @fs0ciety on Twitter.

In May 2019, DataBreaches.net was alerted to an online bloodbank in India that had a misconfigured Amazon s3 bucket. Despite repeated emails by this site and even a phone call from Banbreach infosec in India, the data remain exposed.

In August, this site noted it publicly but without naming the organization or pointing to the exposed data. They were Case 1 in this post.

And that’s where things remained until recently, when someone posted the donors database — with personal information on more than 1 million donors — on a web site where databases are shared.  With the data now being freely traded and in light of mentions that it had originally been seen on a Russian forum, DataBreaches.net again attempted to get onlinebloodbank or Luminous Infoways to lock down the data properly.

To no avail.

DataBreaches.net reached out to “Elliott Alderson” (@fs0c131y on Twitter). On November 13, he tweeted to their inactive Twitter account:

Hi @obbredaccess,

A security issue has been found in your website. The personal data of millions of donors are exposed. You have been contacted multiple times by multiple people. Can you contact me by DMs to solve this issue.

Regards,

cc @NCIIPC @IndianCERT

— Elliot Alderson (@fs0c131y) November 13, 2019

And that started a different ball rolling because of all the people who follow him.

@fs0c131y got results where this site had failed to. It is not known to this site whether someone finally got RED Access Associates (http://onlinebloodbank.com) or Luminous Infoways to respond, and who that party was who got through to them, but something worked.

Great thanks to @fs0c131y and all those who jumped in to help.

Of course, it should never take this long to get an entity to respond to a notification, and even for not-for-profits, there needs to be some genuine commitment to protecting personal and health information.  What is the government of India doing to really encourage — and enforce — data security and data protection?  I mean, what are they doing other than trying to criminalize and censor journalism about data security failures in India?

Category: Commentaries and AnalysesExposureHealth DataMiscellaneousNon-U.S.Of Note

Post navigation

← Court approves extradition of young hacker to US
Activist Leaks Files From a Data Broker for Demoing its Software With ICE →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.