Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Louis Vuitton Korea says systems breach led to customer data leak
July 4, 2025
A systems breach at Louis Vuitton Korea in June led to the leak of some of customer data including contact information, but did not involve customers’ financial information, the luxury brand’s South Korea unit said on Friday. “We regret to inform that an unauthorized third party temporarily accessed our system resulting in the leak of some ...
- Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
July 2, 2025
A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app’s full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from the phones of their ...
- Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach
July 2, 2025
Qantas is warning a “significant” amount of customer data has likely been stolen from its records during a cyber attack. The airline has released a statement saying that, on Monday, it detected unusual activity on a third-party platform used by a Qantas airline contact centre. The airline said 6 million customers had service records in this ...
- Data possibly stolen and council services offline after Glasgow cyber attack
June 25, 2025
Glasgow City Council has warned that personal data may have been stolen in a cyber attack affecting its services. The local authority was alerted to malicious activity on servers managed by a third-party supplier on June 19. Due to affected servers being taken offline, a number of services are currently unavailable, including planning applications, paying parking ...
- AT&T agrees to $177 million settlement over data breach
June 25, 2025
Current and former AT&T customers may be eligible for a payout from a $177 million settlement connected to two data breaches. A U.S. judge granted preliminary approval on June 20 to the settlement that resolves lawsuits against AT&T over the 2019 and 2024 incidents. The company announced in July 2024 that call and text message records ...
- U.S. Department of Defense Employee Charged with Unlawful Retention of Classified Documents
June 24, 2025
A civilian employee of the U.S. Department of Defense (DoD) was arrested and made her initial court appearance yesterday to face charges of unauthorized removal and retention of classified documents. Ewa Maria Ciszak, 64, of Huntsville, Alabama, is charged with knowingly removing and retaining classified documents and materials. According to court documents unsealed today in the ...