Bob Diachenko recently reported on yet another massive data exposure: On November 12th, when auditing the search results for open/exposed Elasticsearch databases with Binaryedge.io platform, we have found what appeared to be a collection of personal records compiled by FIESP, the Federation of Industries of the State of São Paulo. FIESP is the largest class entity…
Category: Exposure
Mt: Massive Lands Authority security flaw dumps personal data online
Jacob Borg and Claire Caruana report: A massive security flaw in the Lands Authority’s website has inadvertently dumped a huge amount of personal data online, a joint investigation by Times of Malta and The Shift News has found. Identity card details, e-mail correspondence, affidavits and other compromising data were made easily searchable on the internet…
Another ‘decision makers’ database leaked
Depressingly, Bob Diachenko of Hackenproof writes: These days it’s quite easy for an ordinary person to get the contact details of any business or organization for a certain fee or subscription. However, should seemingly non-sensitive data be so easily available? 123GB of personal data exposed On November 5th, we discovered an open and unprotected MongoDB…
MO: Woman sues SSM Health over alleged privacy violation
ABC17 reports a follow-up to a breach previously noted on this blog. A Holts Summit woman is suing SSM Health St. Mary’s Hospital after she claims it didn’t do enough to protect the privacy of her medical records. According to the lawsuit filed in Cole County, the patient, referred to as “T.K,” received a letter…
Edmonton Humane Society apologizes after personal financial info ‘accidentally posted’ on its website
Phil Heidenreich reports: The Edmonton Humane Society issued an apology on Tuesday after it says the personal financial information of at least five participants in one of its programs was “accidentally posted on the organization’s corporate website for a short period of time.” Read more on GlobalNews.ca.
USPS Site Exposed Data on 60 Million Users
Brian Krebs reports: U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked…