Troy Hunt reports that a misconfigured MongoDB installation resulted in audio files of children’s and parents’ conversations recorded by CloudPets being exposed in a Shodan search. And as we’ve seen many other times, the exposed files were deleted by an attacker, and a purported “ransom” note left in place of the database – a ransom note that was…
Category: Exposure
NC health department exposed patient information in email
Lynn Bonner reports: The state Department of Health and Human Services sent private patient information to adult care homes by unencrypted email last year. The security lapse involved 12,731 Medicaid patients living in adult care homes. On Nov. 30, an employee sent an unencrypted email that included patient names, Medicaid numbers, and the homes where…
Veterans Health Information Possibly Compromised
Dave Kibler reports: Riverbend veterans will soon know if any of their personal information was compromised in a release of information by a former Veteran’s Affair employee in St. Louis. A total of 724 patient’s records were released by the former employee to an employee not involved in the medical care of those veterans. The VA’s…
Carders capitalize on Cloudflare problems, claim 150 million logins for sale
Steve Ragan reports: A carder forum is advertising a special deal to VIP members. The website claims to possess more than 150 million logins, from a number of services including Netflix and Uber. The source of this data collection are the accounts exposed due to a recent problem on Cloudflare’s infrastructure. But is this on…
Security lapse exposed New York airport’s critical servers for a year
Zack Whittaker reports: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing…
Chicago Public Schools exposed confidential student information – again!
Lauren FitzPatrick reports: Confidential information about Chicago Public Schools students — including medical conditions and dates of birth — was kept on unsecured web documents that anyone could call up despite laws and CPS rules that are supposed to safeguard children’s privacy. Some of the personal, identifiable information involved requests for certain ongoing nursing services…