Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Macy’s Suffers Data Breach by Magecart Cybercriminals
November 19, 2019
The department store Macy’s is warning that web skimmer malware was discovered on Macys.com collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card skimmers into ecommerce websites. According to a data breach notice sent to customers, “an ...
- Equifax failed to take even the most basic precautions, alleges lawsuit
October 21, 2019
A lawsuit on the 2017 data breach allege that Equifax staffers used the default – ‘admin’ – as the username and password to secure customer information portal How would you secure a portal containing valuable, personal finance information of 148 million accounts of customers spread across the US, Canada and the UK? Equifax employees chose default and ...
- Imperva: Data Breach Caused by Cloud Misconfiguration
October 11, 2019
Imperva, the security vendor, said this week that a misconfiguration of an Amazon Web Services (AWS) cloud instance allowed hackers to exfiltrate information on customers using its Cloud Web Application Firewall (WAF) product. Formerly known as Incapsula, the Cloud WAF analyzes requests coming into applications, and flags or blocks suspicious and malicious activity. The company announced the breach in ...
- IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador’s History
September 18, 2019
Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country’s history. Personal records of more than 20 million adults and children, both dead and ...
- Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers
September 3, 2019
International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the personal information of millions of customers. UPDATE Cosmetics giant Yves Rocher is warning that a giant data leak exposed the personal data of millions of its customers and reams of sensitive internal company information to the public. The data exposure ...
- 4.1B Records Exposed in Breaches in First Half of 2019
August 16, 2019
This year is on track to be the worst year on record for data breach activity, according to a recent analysis. Within the first six months of this year, there have been 3,813 incidents publicly reported, according to Risk Based Security’s 2019 MidYear QuickView Data Breach Report. That’s up 54 percent compared to this time last ...