Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Massive data breach sees 16 million PayPal accounts leaked online
August 22, 2025
Hackers recently announced on a well-known forum that they were selling a dataset of 15.8 million stolen PayPal credentials, allegedly including login emails and plaintext passwords. The cybercriminals claim the information was stolen in May 2025, and the dataset contains not just emails and passwords but also associated URLs, making it easier for criminals to automate ...
- Orange Belgium informs its customers about a cyberattack
August 20, 2025
At the end of July, Orange Belgium detected a cyberattack on one of its IT systems, resulting in unauthorised access to certain data from 850,000 customer accounts. No critical data was compromised: no passwords, email addresses, bank or financial details were hacked. However, the hacker gained access to one of our IT systems containing the following ...
- Australia’s second-largest internet provider iiNet customers’ data exposed in cyber attack
August 19, 2025
Hundreds of thousands of customers of Australia’s second-largest internet provider have had their email addresses or phone numbers compromised in a cyber attack. A list of about 280,000 active email addresses and roughly 20,000 active landline phone numbers were extracted from iiNet’s order management system, parent company TPG said. Another 10,000-odd iiNet user names, street addresses ...
- Workday hit by data breach targeting CRM systems
August 18, 2025
The US company was affected by a social engineering campaign that bears similarities to a recent wave of attacks by extortion group ShinyHunters. Enterprise software company Workday recently suffered a data breach after threat actors targeted a third-party customer relationship management (CRM) platform. According to a blogpost by the US company on Friday (15 August), threat ...
- UK: Thousands of Afghans, troops and civil servants may be victims of new data breach
August 16, 2025
Some 3,700 Afghans, British troops and civil servants may have fallen victim to a new data breach, after an incident involving a company linked to the Ministry of Defence. Stansted-based Inflite The Jet Centre Ltd suffered a data security incident which led to “unauthorised access to a limited number of company emails”, according to the firm. ...
- Canada: House of Commons hit by cyberattack from ‘threat actor’
August 14, 2025
The House of Commons and Canada’s cybersecurity agency are investigating a significant data breach caused by an unknown “threat actor” targeting employee information. According to an internal email obtained by CBC News, the House of Commons alerted staff on Monday that there was an information breach. It said a malicious actor was able to exploit a ...