Graham Cluley writes: A security researcher has revealed details of a flaw in Facebook Messenger that made it possible for “any website to expose who you have been messaging with.” Imperva’s Ron Masas, who in the past has identified a bug that allowed unauthorised websites to view Facebook users’ location histories, likes and interests, discovered…
Category: Exposure
An Email Marketing Company Left 809 Million Records Exposed Online
Alyssa Foote reports: By this point, you’ve hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters. But increased awareness hasn’t slowed the problem. In fact, it’s only grown bigger—and more confounding. Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible…
Global Robotic Process Automation Company’s Event App Exposed Attendees Info
In today’s “FFS Moment,” Bob Diachenko reports: On March 1st 2019, I discovered another non-password-protected MongoDB that appeared to contain data related to San Jose, California-based Automation Anywhere. They are the developers of robotic process automation software but this backup contained an application created specifically for Automation Anywhere’s premier customer event called…
Report – Dalil Data Breach: 5+ Million Users’ Data Exposed by Unsecured App
VPNMentor reports: Dalil is the biggest phone directory in Saudi Arabia. With more than 5 million downloads, Dalil is the 13th most popular communications app in the Kingdom. For context, this is where Viber and Telegram rank in the US. 96% of its users are in Saudi Arabia; the remainder are in Egypt and other…
NZ: Patient documents missing, reportedly lost in ‘a gust of wind’
Joanne Carroll reports: A health board employee is under investigation after “misplacing” hundreds of patients’ medical information – some of which are still missing. The Canterbury and West Coast District Health Board only became aware of what it calls a “potential privacy breach” when a member of the public found some of the documents in…
Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach
Bob Diachenko reports: On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). “Used by eight of the world’s ten largest,…