Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Ransomware gang claims Conduent breach: what you should watch for next [updated]
October 30, 2025
Updated – October 30, 2025: New information confirms that Conduent’s 2024 breach has impacted over 10.5 million people, based on notifications filed with multiple state attorneys general. The largest disclosure came from the Oregon government, which reported 10.5 million affected residents. Conduent provides technology services to several US state governments, including Medicaid, child support, and food ...
- EY exposes 4TB+ SQL database to open internet for who knows how long
October 29, 2025
A Dutch cybersecurity outfit says its lead researcher recently stumbled upon a 4TB+ SQL Server backup file belonging to EY exposed to the web, effectively leaking the accounting and consulting megacorp’s secrets. Among the BAK file’s data were API keys, cached authentication tokens, session tokens, service account passwords, and user credentials, Neo Security’s writeup explained. Read more… Source: ...
- Ireland: Number of passengers affected by data breach not yet clear
October 26, 2025
It has not yet clear how many passengers were affected by the data breach relating to boarding passes issued for flights during August, but RTÉ News understands it may be in the hundreds of thousands. In August 3.8 million passenger journeys were made on flights through Dublin Airport. It has not been revealed yet what type ...
- US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer
October 23, 2025
The U.S. government has accused a former executive at defense contractor L3Harris of stealing trade secrets and selling them to a buyer in Russia, according to court documents seen by TechCrunch. On October 14, the Department of Justice accused Peter Williams of stealing eight trade secrets from two unnamed companies. The DOJ made the allegation in ...
- China accuses US of cyber breaches at national time centre
October 20, 2025
China has accused the U.S. of stealing secrets and infiltrating the country’s national time centre, warning that serious breaches could have disrupted communication networks, financial systems, the power supply and the international standard time. The U.S. National Security Agency has been carrying out a cyberattack operation on the National Time Service Center over an extended period ...
- UK MoD investigating claims Russian hackers stole files on RAF and Navy bases
October 19, 2025
The Ministry of Defence is investigating claims that Russian hackers have stolen hundreds of sensitive military documents and published them on the dark web. The files hold details of eight RAF and Royal Navy bases as well as Ministry of Defence staff names and emails, The Mail On Sunday reported. Cybercriminals accessed the cache of files ...