Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hot Pixels attack checks CPU temp, power changes to steal data
May 27, 2023
A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called “Hot Pixels,” which can retrieve pixels from the content displayed in the target’s browser and infer the navigation history. The attack exploits data-dependent computation times on modern system-on-a-chip (SoCs) and graphics processing units (GPUs) and ...
- US govt contractor ABB confirms ransomware attack, data theft
May 26, 2023
Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as “an IT security incident.” It also revealed that the attackers had stolen data from compromised devices and that it would notify affected individuals if their information was impacted in ...
- Arms maker Rheinmetall confirms BlackBasta ransomware attack
May 23, 2023
German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business. On Saturday, May 20th, 2023, BlackBasta posted Rheinmetall on its extortion site along with samples of the data the hackers claimed to have stolen from the German company. Read more… Source: Bleeping Computer
- Apria Healthcare says potentially 2M people caught up in IT security breach
May 23, 2023
Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company’s networks over a series of months in 2019 and 2021. The home healthcare equipment provider, which says it serves about two million patients from 280 locations across America, said it discovered the intrusion ...
- Dish confirms 300,000 people’s data was exposed in February’s attack
May 23, 2023
Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data. Dish customers can rest easy, at the very least, as the company said in a sample letter posted ...
- More UK councils caught by Capita’s open AWS bucket blunder
May 22, 2023
The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March’s mega breach. Colchester City Council was the first to step forward last week to claim that tech ...