Lawrence Abrams reports: An unsecured database has exposed the personal information of 8 million people from the U.S. who participated in online surveys, sweepstakes, and requests for free product samples. […] Sanyam Jain, an independent security researcher and member of the GDI Foundation, discovered an unsecured Elasticsearch database that exposed the personal information of 8 million people who…
Category: Exposure
Burger King’s Online Store for Kids Exposes Customers’ Info
Oops, I had missed this one last week. Sergiu Gatlan reported: An unprotected Elasticsearch cluster found via a Shodan search exposed 37,900 records of Kool King Shop customers, a French online shop specifically tailored to be used by kids who bought Burger King menus. As Security Discovery researcher Bob Diachenko discovered after further investigation, the…
Update: West Hartford officials warn parents of test registration platform data breach
Doug Levin kindly alerted me that the Hartford Courant has a story on the Total Registration data security incident. … The school officials said that Total Registration, used by the district to register students for certain exams, informed them that certain information provided by students including name, grade level, gender, date of birth, address, email…
Seven months after learning of a breach, UCSD still has not notified HIV research participants whose privacy was breached
Brad Racino and Jill Castellano report on what sounds like either willful or negligent handling of highly sensitive information of research participants bu a non-profit participating in some university-funded research. In either event, the university was notified of a breach in October and STILL hasn’t notified the research participants with HIV whose data was available…
Massive Data Breach Exposes Russian Officials’ Passports – Reports
The Moscow Times is reporting: Hundreds of thousands of Russians, including former government officials, have had their passport data posted online in the country’s latest massive data leak, the RBC news website cited new research as saying Wednesday. The breach of at least eight government websites, analyzed by privacy expert Ivan Begtin, exposed the passport…
1.5 Million Mobile Users’ Card & Information Exposed
Roy Urrico reports: Security researchers discovered an exposed Elasticsearch server containing up to 1.5 million Freedom Mobile users’ personal data, passwordless, and including unencrypted credit card and CVV numbers, expiration dates and verification numbers. The five million exposed customer data logs belonged to Freedom Mobile, Canada’s fourth wireless telecommunications provider. The files, stored in plaintext,…