Misconfigured Locksmith Services web servers exposed sensitive information

Darryl Burke reports:

On Wed Nov 23rd, we discovered a misconfiguration on the web servers of the company “Locksmith Services” which is a US based national dispatch service for Locksmiths. The misconfiguration on the website dispatchlogin.net exposed the; audio recording of calls, emails, customer contact information, photos of drivers licenses and passports, photos of credit cards including the CVV numbers.

The company “Locksmith Services” has been notified of the data exposure and has since fixed the misconfiguration of it’s service. It is unknown at this time if any other 3rd party has accessed the data prior to being discovered by us. There were approx 3,000 customers credit card and government issued ID records exposed.

Read more on Darryl’s blog. Of note, they include alternative names for the business in question:

American Services:
Locksmith Service Company
America’s Locksmith Services
24 Hours Locksmith Service
24/7 S.O.S. Locksmith Services

Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
NY: Gloversville hit by ransomware attack, paid ransom
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Toys “R” Us Canada customers notified of breach of personal information
Gatineau gymnastics centre warns members of possible data breach
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach

Related: