Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Lancaster University students’ data stolen by cyber-thieves
July 23, 2019
Students’ personal data has been stolen in a “sophisticated and malicious” phishing attack at Lancaster University. Officials said the information had been used to send bogus invoices to applicants. “A very small number” of student records, phone numbers and ID documents were also accessed, it said. The breach has been reported to police and the Information Commissioner’s Office. In ...
- Equifax, regulators sign $700m deal to settle data breach lawsuits
July 22, 2019
Equifax signed a settlement today to lay to rest lawsuits brought forward by the US Federal Trade Commission (FTC), state attorneys, and a class-action case relating to the firm’s 2017 data breach. The security incident was caused by a failure to resolve a known security flaw in Apache Struts, despite a patch being made available two ...
- Massive 7.5TB breach reveals secret Russian IT projects
July 22, 2019
Hackers breached the server of a major contractor working on behalf of the Russian intelligence service before stealing 7.5TB of sensitive data and sharing this freely with other hackers and journalists. Attackers infiltrated the company network of SyTech on 13 July, according to BBC Russia, and began a process of copying data while deleting masses of it. ...
- Bulgaria’s hacked database is now available on hacking forums
July 18, 2019
The database of Bulgaria’s National Revenue Agency (NRA), which was hacked over the weekend and sent to local reporters, is now being shared on hacking forums, ZDNet has learned from sources in the threat intelligence community. Download links to the hacked database have been shared by a hacked data trader known as Instakilla, believed to be operating out of ...
- Marriott Hit With $123M Fine For Massive 2018 Data Breach
July 9, 2019
The U.K.’s privacy watchdog is hitting Marriott International with a $123 million (£99 million) penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office (ICO) and comes only a day after the organization proposed a record $230 million fine against British Airways for its ...
- Hackers breached Greece’s top-level domain registrar
July 9, 2019
State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s top-level domain country codes of .gr and .el. ICS-Forth, which stands for the Institute of Computer Science of the Foundation for Research and Technology, publicly admitted to the security incident in emails it sent ot domain owners on April 19. The hackers behind the breach are the same group ...