Browsing tag

ElasticSearch

Stripchat database mess up exposes 200M adult cam models, users’ data

The database was left exposed on an Elasticsearch Cluster without any password or security authentication. StripChat is one of the top five adult cam sites on the internet. Earlier this month, this site suffered a database mess up that leaked sensitive data, including payment details and chat messages of roughly 200 million of the site’s […]

Chinese VPN app Quickfox caught exposing 1 million users’ data

The Quickfox VPN is mainly used by Chinese citizens living abroad who need to access Chinese websites as most of these sites are geo-restricted. Wizcase’s team of ethical researchers, led by Ata Hakcil, discovered a “critical leak” that the researchers found to be exposing personally identifiable information of at least one million users of a […]

Data analytics firm exposed 2m Instagram and TikTok users’ data

The victims of this “data leak” also include celebrities like Alicia Keys, Loren Gray, Kylie Jenner, Ariana Grande, and Kim Kardashian. The cybersecurity team at Safety Detectives, led by Anurag Sen, discovered an unsecured ElasticSearch server belonging to IGBlade.com, a social media analytics site. The server stored scraped data of millions of social media users. […]

Brazilian marketplace integrator Hariexpress exposed 1.75 billion records

At the time of publishing this article, the data was still exposed and growing as there has been no response from Hariexpress. The Brazilian E-commerce Marketplace Integrator platform Hariexpress (Hariexpress.com.br) has been caught exposing a massive trove of sensitive data belonging to its customers and vendors. In total, the company has exposed more than 610 […]

The Telegraph newspaper exposed 10TB of subscriber data

The data was exposed due to an unprotected Elasticsearch cluster and remained open to public access without any security authentication. Well-known security researcher Bob Diachenko discovered a ‘Giant’ blunder made by UK media outlet The Telegraph after it exposed 10 terabytes of subscribers’ data. According to Diachenko, the trove of records included subscriber information and […]

Android game developer EskyFun exposed 1 million gamers to hackers

EskyFun stored a trove of gamers’ data on an Elasticsearch server that was exposed to the public without any security authentication. The research team at vpnMentor reported an error on the part of famous Chinese Android game developer EskyFun that leaked sensitive data of at least one million online gamers. Reportedly, EskyFun used an unsecured Elasticsearch […]

Indonesian Govt’s COVID-19 test, trace app leak impacting 1.3m users

The incident took place after the Elasticsearch server used by eHAC developers exposed the data due to misconfiguration. According to Indonesian health ministry official Anas Ma’ruf, the country’s COVID-19 test and trace application had an inherent security flaw due to which the personal information and health status of around 1.3 million individuals got exposed. Ma’ruf, […]

US Govt’s secret terrorist watchlist with 2M records exposed online

The watchlist was exposed on a misconfigured server hosted on a Bahrain IP address instead of a US one. The FBI was reportedly maintaining a secret watchlist of suspected terrorists administered by the Terrorist Screening Center (TSC). According to Comparitech’s head of security research, Bob Diachenko, this list was exposed online due to a configuration […]

Logistics giant exposes customer data, Lolz at researchers when alerted

Bergen Logistics, a New Jersey-based company, exposed its database back in December 2020 but Lolz when alerted about the incident. Recently, the IT security researchers at Website Planet uncovered an exposed database belonging to Bergen Logistics that stored 467,979 records all relevant to their shipments and customers. This means that any clients that conducted business […]

Leaky database exposes fake Amazon product reviews scam

The database contained 7GB worth of data including fake Amazon product reviews and PayPal email addresses of scammers among other sensitive data. Whoever uses Amazon makes up their mind about a particular product after checking out its reviews. But what if the reviews are fake and misleading? The IT security researchers at SafetyDetectives discovered a China-based […]

Call Center Provider Experiences Major Data Leak

The exposed database was being updated in real time with new logs while 1.48 million robocall logs were accessed by researchers initially. The WebsitePlanet research team alongside Jeremiah Fowler, an IT security researcher, discovered an insecure database that had no password protection and contained a large number of phone call records as well as VOIP (Voice […]

Vulmap – Web Vulnerability Scanning And Verification Tools

Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and can use the vulnerability exploitation function to verify whether the […]

New malware attack turns Elasticsearch databases into DDoS botnet

The malware attack involves two stages including one in which existing cryptomining malware is removed. The IT security researchers at Trend Micro have discovered a new malware campaign targeting Elasticsearch databases in the wild. The campaign takes advantage of unprotected or publicly available Elasticsearch databases, infecting them with malware before turning them into botnet zombies […]

Freedom Mobile leaked millions of card data with CVV codes in plain text

The company claims it does not share user data with others but it looks like it does. Another day, another data breach; this time an unprotected database has been discovered leaking personal and financial data of millions of Canadians. Identified by researchers at vpnMentor along with hacktivists Noam Rotem and Ran Locar, the database belonged to […]

Thousands of Kibana implementations using Elasticsearch are exposed online

Working with large amounts of data without taking the necessary security steps can pose a huge risk to any organization. According to the ethical hacking training experts from the International Institute of Cyber Security (IICS), unprotected databases significantly increase the chances of a company being a victim of a data breach. For example, more than […]

Privacy in 2019: 6 Basic Steps to Keep Yourself Protected

2019 has barely started, and indications show that this year could very well be one of the worst for Internet users as far as privacy and data security are concerned. As HackRead has reported, below are some of the biggest privacy breaches already exposed this year: Security researchers revealed that 773 million unique email IDs […]

250,000 Sensitive Legal Documents Leaked Online via Unprotected Elasticsearch Cluster

Security researchers discovered 257,287 legal documents on an unprotected Elasticsearch cluster hosted on a US-based Amazon AWS server. The unprotected sensitive documents were labeled as “not designated for publication” and the data contains 4.7GB of highly sensitive legal documents. Further investigation reveals that the data is managed by Lex Machina, an IP litigation research company and division of […]

Elasticsearch versions 1.4.2 and earlier vulnerable to malware infections

Two old vulnerabilities were exploited, allegedly by Chinese hackers. The Cisco network security and ethical hacking teams recently detected intrusions by malicious hackers targeting Elasticsearch clusters to exploit previously reported vulnerabilities and perform various malicious actions such as malware injection and cryptocurrency mining, reported experts from the International Institute of Cyber Security. “Hackers are […]

Millions of loans and mortgages banking files exposed online

A database with sensitive information on loans and mortgages has been recently leaked. Network security and ethical hacking specialists from the International Institute of Cyber Security report the finding of a server with more than 20 million bank documents, including records of thousands of loans and mortgages from some of the most important financial […]

Private data of more than 82 million US citizens left exposed

Misconfigured ElasticSearch Servers Exposed Private Data of over 82 Million Users. A warning has been issued by Bob Diachenko, a HackenProof security researcher, informing users in the US that around 73 gigabytes of data was identified in a “regular security audit” of publicly accessible servers on the Shodan IoT search engine. According to the researcher, […]