Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- British Airways: If you’re feeling left out of our 380,000 passenger hack, then you may be one of another 185,000 victims
October 25, 2018
British Airways’ horror hack is worse than first thought: the world’s favorite airline has added 185,000 cardholders to the pile of 380,000 potentially caught up in the IT security breach. In September, it emerged that hackers spent two weeks slurping the personal and payment card data of people who booked travel via BA’s website and mobile application. As ...
- HealthCare.gov system hack leaves 75,000 individuals exposed
October 20, 2018
A hack was detected earlier this month in a government computer system that works alongside HealthCare.gov, exposing the personal information of approximately 75,000 people, according to the agency in charge of the portal. In a statement to CNN, the Centers for Medicare and Medicaid Services (CMS) said the system that was exposed through the hack was ...
- UK MoD secrets exposed in dozens of cyber security breaches
October 15, 2018
Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK’s defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in ...
- The Cybersecurity 202: The U.S. needs a law that requires companies to disclose data breaches quickly, cybersecurity experts say
October 15, 2018
A slight majority of digital security experts surveyed by The Cybersecurity 202 say the United States should follow in the European Union’s footsteps and pass a law that requires companies to disclose data breaches quickly. Europe’s General Data Protection Regulation requires companies with customers in the E.U. to notify regulators of a breach within 72 hours or face a severe ...
- Pentagon discloses card breach
October 13, 2018
Pentagon official said on Friday that the Department of Defense had suffered a security breach thanks to a third-party contractor. An investigation is still underway, so the exact details haven’t been made public, but according to an Associated Press report, a DOD official said that roughly 30,000 DOD military and civilian personnel are believed to be affected. ...
- Facebook mass hack last month was so totally overblown – only 30 million people affected
October 12, 2018
Facebook users can relax and get back to interacting with quality content and authentic individuals on the social network. Last month’s deliberate theft of private account records from the internet giant, initially believed to affect 50 million or maybe 90 million accounts, turns out to be nowhere near that bad. Cough. On Friday, the data-harvesting biz said a mere 30 ...