Joseph Cox reports: Elsevier, the company behind scientific journals such as The Lancet, left a server open to the public internet, exposing user email addresses and passwords. The impacted users include people from universities and educational institutions from across the world. It’s not entirely clear how long the server was exposed or how many accounts…
Category: Exposure
Here’s What It’s Like to Accidentally Expose the Data of 230M People
Andy Greenberg reports: Steve Hardigree hadn’t even gotten to the office yet, and his day was already a waking nightmare. As he Googled his company’s name that morning last June, Hardigree found a growing list of headlines pointing to the 10-person marketing firm he’d founded three years earlier, Exactis, as the source of a leak…
How an unsecured Elasticsearch server exposed customer order information and passwords
James Sander joins those taking GearBest out to the cyberwoodshed over a data leak: Over 1.5 million customer records from online electronics seller GearBest, as well as Zaful, Rosegal, and DressLily, were stored in an unprotected Elasticsearch server, according to a joint report from VPNMentor (archived here) and security researcher Noam Rotem. The brands involved…
Personal information of over 800,000 blood donors was accessible online for 2 months: HSA
Felicia Choo reports: The personal information of more than 800,000 people who have donated or tried to donate blood in Singapore since 1986 was improperly put online by a Health Sciences Authority (HSA) vendor for more than two months, but access to the database was cut off soon after the discovery. Disclosing this in a…
Unsecured Gearbest server exposes millions of shoppers and their orders
Zeljka Zorz reports: Chinese e-commerce giant Gearbest has exposed information and orders of millions of its customers through an unsecured Elasticsearch server, security researcher Noam Rotem and his team have found. According to Rotem, the server was not protected with a password and anyone could access it and search the data. Also, despite assurances from…
Dozens of companies leaked sensitive data thanks to misconfigured Box accounts
Zack Whittaker reports: Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can easily be discovered. The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left…