Another Elasticsearch misconfiguration found by SecurityDiscovery. You can read about it here.
Category: Exposure
Report: Theta360 Leak Potentially Exposed Millions of Users’ Public and Private Photographs
VPNMentor reports that their research team has discovered that Theta360 inadvertently left users’ photos — even those intended to be private — exposed. The leak exposed at least 11 million public and private photographs. The data breach exposed thousands of users’ photos, many of whom chose to keep their images private. The breach did not expose…
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
Brian Krebs reports: The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security…
Amadeus Traveler Data Exposed in a Thwarted Data Leak
Sean O’Neill reports: A computer expert discovered a vulnerability in one of the systems used by travel distribution company Amadeus, which said it had fixed the issue and that none of the data was misused. Alp, an Israel-based travel subsidiary, is an online service used by Israeli travel agents and governmental travel agency Inbal to…
Ca: Some Brampton Residents Affected by Serious Privacy Breach
Rajpreet Sahota reports: Some Brampton residents have had their private information leaked in the wake of a privacy breach, the Region of Peel says. The Region of Peel announced that there was a breach of personal information on June 8, 2018. On March 13, the personal information of approximately 13,000 individuals on a wait list for Regional services…
Redtail CRM Data Breach May Have Exposed FA Client Info
Financial Advisor IQ reports: Some financial advisors using Redtail Technology’s client relationship management software may have had their clients’ personal data exposed on the internet, according to news reports. Redtail told affected advisors in an email that it learned on March 4 about a data breach that led to its logging systems capturing some investor…