Tara Seals reports: An estimated 100,000 customers of Razer, a purveyor of high-end gaming gear ranging from laptops to apparel, have had their private info exposed, according to a researcher. Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer’s infrastructure to the public internet, for anyone to…
Category: Exposure
A data fail left banks and councils exposed by a quick Google search
Henry Dyer reports: Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed. Details about everything from insolvency to final reminders of unpaid council tax and mortgage holidays were left available for anyone to view since…
The Internet’s Biggest Webmaster Forum Had a Data Leak
Jeremiah Fowler writes: Another day and another big data leak. On July 1st the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained records of the internet’s largest webmaster portal. Upon further research it appeared that Digital Point had leaked the data of 863,412 users. Digital Point claims to…
Prison phone service Telmate exposes messages, personal info of millions of inmates and their contacts
Paul Bischoff reports: Telmate, a service used by incarcerated inmates at US prisons to communicate with their friends and loved ones, has exposed a database containing tens of millions of call logs, private messages, and personal information about inmates and their contacts. The database was exposed on the web without a password or any other…
47 names of clergy abuse victims part of accidental email leak
Christopher White writes: A clergy abuse victim who participated in the Philadelphia Archdiocese’s independent compensation program for survivors is alleging that the confidentiality of nearly 50 other victims was compromised when the program administrator mistakenly sent the individual an email in 2019 with the names of participants from another diocese’s program. Since October 2016, Kenneth…
UK: Southern Water customers could view others’ personal data by tweaking URL parameters
Gareth Corfield reports: Southern Water – British supplier of the liquid of life – botched its internal Sharepoint implementation so badly that a customer was able to view other people’s account details. Reg reader Chris H discovered that the way Southern Water had set up Sharepoint to host customer information as a “your account” style section…