Once again, a service owned and controlled by a division of official Sony Entertainment has slipped up. This time, their error exposed an Elasticsearch server leaking log entries that feed into a third-party tool. Sony is no stranger when it comes to reports of poor infosecurity and hacking incidents, but it is not often we…
Category: Breach Incidents
China Citizen Watch (Finally) Secures 150TB of Leaking Data
China Citizen Watch, the official Chinese division of the Japanese watch giant Citizen, and Bulova Watch Company (a Citizen brand in the U.S.) have both been affected because China Citizen Watch or its hosting company left an unsecured RSYNC server online with more than 150TB of files. Cursory skimming of the files, necessitated by Citizen…
Honda North America responds quickly to notification of a leak
Bob Diachenko reports that he found an ElasticSearch instance that was exposing customers of Honda North America. On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser. Of note, Honda…
Consulting Firm Accidentally Doxxed Thousands of Employees at America’s Top Defense Contractor
Lachlan Markay reports: A prominent Washington, D.C.-area consulting firm inadvertently published the names, phone numbers, home addresses, and email addresses of thousands of employees of America’s top aerospace and defense contractor. Publicly available files maintained by the digital consultancy IMGE included extensive personal information on more than 6,000 Boeing employees, from senior executives to program…
Another Click2Gov victim is revealed in Texas
Add Sugarland, Texas to any list you are keeping of Click2Gov breach victims. As with other entities in the second wave of attacks, those residents who used the payment portal to make one-time payments seem to have fallen prey to the attackers. And as with a number of other CentralSquare Technologies Click2Gov customers, Sugarland will…
Unsecured backup devices continue to be a hot mess
After a few years of headlines blaring mega-numbers of records exposed by misconfigured RSYNC backups, we might hope that we would be seeing fewer errors by now. But it seems that RSYNC errors continue at a high rate, exposing massive amounts of data. This month, part of what I did was look at RSYNC errors…