Zack Whittaker reports: A health tech company was leaking thousands of doctor’s notes, medical records, and prescriptions daily after a security lapse left a server without a password. The little-known software company, California-based Meditab, bills itself as one of the leading electronic medical records software makers for hospitals, doctor’s offices, and pharmacies. The company, among other…
Category: Exposure
Education and Science Giant Elsevier Left Users’ Passwords Exposed Online
Joseph Cox reports: Elsevier, the company behind scientific journals such as The Lancet, left a server open to the public internet, exposing user email addresses and passwords. The impacted users include people from universities and educational institutions from across the world. It’s not entirely clear how long the server was exposed or how many accounts…
Here’s What It’s Like to Accidentally Expose the Data of 230M People
Andy Greenberg reports: Steve Hardigree hadn’t even gotten to the office yet, and his day was already a waking nightmare. As he Googled his company’s name that morning last June, Hardigree found a growing list of headlines pointing to the 10-person marketing firm he’d founded three years earlier, Exactis, as the source of a leak…
How an unsecured Elasticsearch server exposed customer order information and passwords
James Sander joins those taking GearBest out to the cyberwoodshed over a data leak: Over 1.5 million customer records from online electronics seller GearBest, as well as Zaful, Rosegal, and DressLily, were stored in an unprotected Elasticsearch server, according to a joint report from VPNMentor (archived here) and security researcher Noam Rotem. The brands involved…
Personal information of over 800,000 blood donors was accessible online for 2 months: HSA
Felicia Choo reports: The personal information of more than 800,000 people who have donated or tried to donate blood in Singapore since 1986 was improperly put online by a Health Sciences Authority (HSA) vendor for more than two months, but access to the database was cut off soon after the discovery. Disclosing this in a…
Unsecured Gearbest server exposes millions of shoppers and their orders
Zeljka Zorz reports: Chinese e-commerce giant Gearbest has exposed information and orders of millions of its customers through an unsecured Elasticsearch server, security researcher Noam Rotem and his team have found. According to Rotem, the server was not protected with a password and anyone could access it and search the data. Also, despite assurances from…