Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- T-Mobile confirms SIM swapping attacks led to breach
December 30, 2021
T-Mobile has confirmed a data breach that was caused in part by SIM swapping attacks, according to a statement from the company. The T-Mo Report, a blog tracking T-Mobile, obtained internal reports showing that some data was leaked from a subset of customers. Some individuals had their customer proprietary network information (CPNI) leaked, which includes information about ...
- Fintech firm hit by log4j hack refuses to pay $5 million ransom
December 29, 2021
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply. After the company’s refusal to pay the ransom, threat actors ...
- Phishing incident causes data breach at West Virginia hospitals
December 22, 2021
A hospital system in West Virginia has suffered a data breach resulting from a phishing attack, which gave hackers access to several email accounts. Monongalia Health System — which runs Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company — said that hackers had access to several email accounts from May 10 to August ...
- UK National Crime Agency finds 225 million previously unexposed passwords
December 21, 2021
The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords. We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check if ...
- Russian hackers leak confidential UK police data on the ‘dark web’ after their ransom was rejected
December 19, 2021
Confidential information held by some of Britain’s police forces has been stolen by Russian hackers in an embarrassing security breach, The Mail on Sunday can reveal. The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called ‘dark web’ ...
- Sensitive information of 30k Florida healthcare workers exposed in unprotected database
December 3, 2021
More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password protected database, according to security researcher Jeremiah Fowler and a team of ethical hackers with Website Planet. Fowler discovered a database run by Gale Healthcare Solutions with 170,239 exposed records that included names, emails, home addresses, photos and in some cases ...