Robbie Harb reports: Hundreds of thousands of sensitive dating app profiles – including images of “a graphic, sexual nature” – were exposed online for anyone stumbling across them to download. Word of the uncontrolled emission burst forth from vpnMentor this week, which claims it found a misconfigured AWS S3 bucket containing 845GB of private dating app records….
Category: Exposure
Lessons learned from the ANPR data leak that shook Britain
Ax Sharma reports: On April 28, 2020, The Register reported the massive Automatic Number-Plate Recognition (ANPR) system used by the Sheffield government authorities was leaking some 8.6 million driver records. An online ANPR dashboard responsible for managing the cameras, tracking license plate numbers and viewing vehicle images was left exposed on the internet, without any password or…
12,000+ Indian blood donors’ PII and passwords leaked
CloudSEK reports: CloudSEK has discovered a data leak that contains sensitive information of 12,472 blood donors registered on http://www.indianblooddonors.com/index.php. Indian Blood Donors is an organization that maintains a free database of blood donors. They also have an app, which matches recipients with the nearest donor, based on blood type. Discovery of the leak: A CloudSEK researcher discovered…
UK: Flaw in property inventory website exposed thousands of users’ home contents
James Walker reports on an incident that, while unfortunate, provides us with an example of prompt incident response and of thanking the researcher instead of shooting the messenger: A vulnerability in the website of Inventory Hive, a property inventory service, was leaking members’ personal information, including their name and address, along with internal and external property…
UK: Babylon Health data breach: GP app users able to see other people’s consultations
The Guardian reports: Babylon Health has suffered a data breach involving confidential patient information, with users of its GP video consultation app allowed to see other patients’ appointments. The breach emerged when one of its users discovered they had access to video recordings of other patients’ consultations. Read more on The Guardian, although some of…
Months later, KeepNet issues a statement about leak discovered by researcher
Back in March, Security Discovery reported a leak involving KeepNet. This site had picked up that reporting and linked to it. Shortly thereafter I was contacted by KeepNet. Based on their statement and the fact that Security Discovery revised their own report, this site deleted KeepNet’s name from the reporting and simply linked to Security…