Justin Paine reports: While searching Shodan, I recently discovered an ElasticSearch database without any authentication. This database contained metadata related to a huge amount of emails. It was eventually confirmed that this server and the email metadata was controlled by a large university located in China. I would like to thank the university’s security team…
Category: Exposure
SG: Firm fined $4k by PDPC for leak of more than 400 national servicemen’s data
Lim Min Zhang reports: A firm has been fined $4,000 by Singapore’s privacy watchdog for the leak of the personal data of more than 400 national servicemen on June 12 last year due to a technical error. The data comprised the log-in identifications, e-mail addresses, delivery addresses and mobile phone numbers of 427 men from…
Report: Leak at Tech Data Corp. exposed 264GB of data — VPNMentor
VPNMentor reports that Tech Data Corporation sprung a major leak…. The research team at vpnMentor discovered a major data leak at the Tech Data Corporation (NASDAQ: TECD), a Fortune 500 company providing tech products, services, and solutions globally. vpnMentor’s researchers, led by security researchers Noam Rotem and Ran Locar, identified the consequential data breach that exposes…
U.S. finds American guilty in Singapore HIV data leak case
Reuters reports: A U.S. citizen who leaked the names of more than 14,000 HIV-positive people in Singapore has been found guilty by a U.S. court of illegally transferring personal data and threatening the Singapore government, court filings show. Read more on Reuters.
Massive Security Flaw Detected on Baltimore County Schools’ Digital Platform, Exposing Highly Sensitive Information on Students and Staff Members
Ann Costantino reports: A massive security flaw has been detected that allowed unrestricted access to highly sensitive records pertaining to students, staff and internal school system data on a Baltimore County Public Schools (BCPS) public facing website. The system’s BCPS One/Schoology platform, where students are able to access classes, grades and academic resources online, is…
Jewish dating app JCrush exposed user data and private messages
Zack Whittaker reports: A security lapse at JCrush, a dating app designed for the Jewish community, left a database open without a password, exposing sensitive user records and private messages to anyone who knew where to look. The site’s backend database had around 200,000 user records, according to security researchers Noam Rotem and Ran Locar,…