Ann Costantino reports: A massive security flaw has been detected that allowed unrestricted access to highly sensitive records pertaining to students, staff and internal school system data on a Baltimore County Public Schools (BCPS) public-facing website. The system’s BCPS One/Schoology platform, where students are able to access classes, grades and academic resources online, is…
Category: Exposure
Jewish dating app JCrush exposed user data and private messages
Zack Whittaker reports: A security lapse at JCrush, a dating app designed for the Jewish community, left a database open without a password, exposing sensitive user records and private messages to anyone who knew where to look. The site’s backend database had around 200,000 user records, according to security researchers Noam Rotem and Ran Locar,…
The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
Another Elasticsearch misconfiguration found by SecurityDiscovery.
Report: Theta360 Leak Potentially Exposed Millions of Users’ Public and Private Photographs
VPNMentor reports that their research team has discovered that Theta360 inadvertently left users’ photos — even those intended to be private — exposed. The leak exposed at least 11 million public and private photographs. The data breach exposed thousands of users’ photos, many of whom chose to keep their images private. The breach did not expose…
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
Brian Krebs reports: The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security…
Amadeus Traveler Data Exposed in a Thwarted Data Leak
Sean O’Neill reports: A computer expert discovered a vulnerability in one of the systems used by travel distribution company Amadeus, which said it had fixed the issue and that none of the data was misused. Alp, an Israel-based travel subsidiary, is an online service used by Israeli travel agents and governmental travel agency Inbal to…