Zack Whittaker reports: Urban Massage, a popular massage startup that bills itself as providing “wellness that comes to you,” has leaked its entire customer database. The London, U.K.-based startup — now known as just Urban— left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff…
Category: Exposure
Data Protection Authority of Baden-Württemberg Issues First German Fine Under the GDPR
Here’s a more detailed analysis of the GDPR fine of 20,000€ levied against a German flirting site, knuddels.de. Dr. Henrik Hanssen and Dr. Stefan Schuppert write: In the first fine issued by a German data protection authority under the European General Data Protection Regulation (“GDPR”), on 21 November 2018 the authority of the German state…
AU: ‘Appalling’ emergency services data breach to be investigated
Matilda Boseley & Simone Fox Koob report on a breach of sensitive information in Victoria: The state government will launch an immediate investigation into an “appalling” data breach that saw personal details of emergency services staff posted to the web. The breach reportedly occurred in October and saw private details – including addresses and medical…
Brazilian personal data was exposed….. again
Bob Diachenko recently reported on yet another massive data exposure: On November 12th, when auditing the search results for open/exposed Elasticsearch databases with Binaryedge.ioplatform, we have found what appeared to be a collection of personal records compiled by FIESP, the Federation of Industries of the State of São Paulo. FIESP is the largest class entity…
Mt: Massive Lands Authority security flaw dumps personal data online
Jacob Borg and Claire Caruana report: A massive security flaw in the Lands Authority’s website has inadvertently dumped a huge amount of personal data online, a joint investigation by Times of Malta and The Shift News has found. Identity card details, e-mail correspondence, affidavits and other compromising data were made easily searchable on the internet…
Another ‘decision makers’ database leaked
Depressingly, Bob Diachenko of Hackenproof writes: These days it’s quite easy for an ordinary person to get the contact details of any business or organization for a certain fee or subscription. However, should seemingly non-sensitive data be so easily available? 123GB of personal data exposed On November 5th, we discovered an open and unprotected MongoDB…