DataBreaches.Net


No need to hack when it’s leaking, Monday edition: TeammateApp

Posted on February 24, 2025 by Dissent

Another day, another leak, another inaccurate claim by an entity, and another inappropriate attack on a researcher. Buckle up.

TeammateApp is not the sort of entity that DataBreaches usually reports on. DataBreaches decided to report on a data leak they reportedly experienced because once again, a well-intended researcher appears to have been falsely accused of trying to sell services he wasn’t selling and of harassing them simply because he sent a responsible disclosure notice and then a follow-up email.

But let’s start at the beginning.

On February 15, the researcher known as @JayeLTee reached out to TeammateApp via email to alert them to a leak he had discovered. His email resulted in the leak being secured within an hour, but TeammateApp never acknowledged receipt of his notification or responded at all.

Several days later, JayeLTee emailed them again to ask if they would be notifying any regulator or clients, because if they were and if they needed him to delay publication of his report, he would delay publication to give them time to make notifications. JayeLTee explained that he routinely reports on leaks he discovers and tries to get secured.

TeammateApp’s response was ….. inappropriate, at best. As JayeLTee reports, the firm’s CEO, Sean Banayan, replied:

This had no impact on anything or anyone and all anyone could see was basic information of [type of database redacted by JayeLTee] database size etc.

There were few more security layers which would have made any data breach impossible anyway.

Not sure what’s your business and what the heck this Proton actually does, but if you don’t stop harassing us, I’ll get in touch with them to stop you.

Whatever you’re selling, we’re not interested in purchasing it.

Get it??

The reference to “Proton” was presumably because JayeLTee uses protonmail to send notifications. The firm’s CEO didn’t seem to know what “Proton” is and likely assumed it was JayeLTee’s employer or business. The CEO also accused JayeLTee of trying to sell…. something… even though JayeLTee had told them at the outset he is an independent researcher who volunteers his time and doesn’t sell anything.

The remainder of JayeLTee’s post provides evidence that refutes the CEO’s claim about what could be seen and what kind of information was involved. As JayeLTee notes, the “few more security layers” the CEO referenced failed to function properly or, more likely, were nonexistent, because he was able to access employee data and user data with personal information without ever being asked to login or provide any password.

TeammateApp Contacted

Having been shown a preview of JayeLTee’s post, DataBreaches emailed TeammateApp about the researcher’s findings. The email included snippets or descriptions of the data that JayeLTee had found exposed. As one example, DataBreaches quoted a subsection of the report:

employees – 23,279

This contained fields such as first and last name, company and workplace foreign keys, email, phone and mobile, date of birth and a field with additional information such as medical recommendations. There were multiple other tables related to employee data such as “employeesppes” which contained PPE (Personal protective equipment) information, mostly uniform sizes.

DataBreaches noted that a redacted screenshot from the employees table was included in the report. DataBreaches requested an unredacted version to try to verify the personal information. JayeLTee provided the unredacted version, and DataBreaches was able to quickly confirm that there was an employee at Kaweka Health with the same name as the person shown in the screenshot.

This site’s email to the CEO also included mention of other examples of exposed files from Kaweka Hospital and G&H Cardiovascular, and a screenshot of a redacted user entry for an “employee of a cybersecurity company https://defend.co.nz” (the latter was from the “Users” table).

Finally, DataBreaches informed the CEO that JayeLTee claimed he can still access files even after the firm locked them down. “He doesn’t explain how in his report, but it sounds like anyone who acquired certain info before you locked things down can bypass login authentication and still access certain files,” DataBreaches wrote to the CEO.

DataBreaches asked the CEO three questions:

1. Do you still maintain there was no leak or breach?

2. Do you have access logs to show what IP addresses may have accessed or acquired files without authorization?

3. Will you be notifying any regulator or people who had their personal information exposed?

DataBreaches also invited Sean Banayan to provide a statement for publication. He replied promptly to this site’s email:

We will further investigate this matter internally and do not wish to entertain this matter with your website.

At this point, then, TeammateApp has not confirmed the data leak that seems pretty evident.

Once again, an entity shot the messenger who was trying to alert them to their security incident. This time, an obviously angry messenger shot back, as JayeLTee’s concluding remarks demonstrate.

You can read JayeLTee’s entire post on his substack. He has also posted about it on infosec.exchange.

Category: Business Sector, Commentaries and Analyses, Exposure
