In today’s “FFS Moment,” Bob Diachenko reports: On March 1st 2019, I discovered another non password protected MongoDB that appeared to contain data related to San Jose, California based Automation Anywhere. They are the developers of robotic process automation software but this backup contained an application created specifically for Automation Anywhere’s premier customer event called…
Category: Exposure
Report – Dalil Data Breach: 5+ Million Users’ Data Exposed by Unsecured App
VPNMentor reports: Dalil is the biggest phone directory in Saudi Arabia. With more than 5 million downloads, Dalil is the 13th most popular communications app in the Kingdom. For context, this is where Viber and Telegram rank in the US. 96% of its users are in Saudi Arabia; the remainder are in Egypt and other…
NZ: Patient documents missing, reportedly lost in ‘a gust of wind’
Joanne Carroll reports: A health board employee is under investigation after “misplacing” hundreds of patients’ medical information – some of which are still missing. The Canterbury and West Coast District Health Board only became aware of what it calls a “potential privacy breach” when a member of the public found some of the documents in…
Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach
Bob Diachenko reports: On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). “Used by eight of the world’s ten largest,…
UK: Dumbarton sheriff blasts hospital over medical records mix-up
Lennox Herald reports: A Dumbarton sheriff said a hospital could face legal action after it was revealed the wrong medical records had been sent to assist in a case. Sheriff William Gallacher blasted the actions of the hospital, calling the blunder a “catastrophic breach” of data protection. Solicitors had requested medical records for Mark Kelly,…
Delhi Citizens Data Leak
Bob Diachenko writes: On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals located in Delhi. A 4.1GB-sized database had been indexed by Shodan and was left unattended for public…