Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Amazon is still hosting spyware victims’ data weeks after breach alert
March 13, 2025
Amazon will not say if it plans to take action against three phone surveillance apps that are storing troves of individuals’ private phone data on Amazon’s cloud servers, despite TechCrunch notifying the tech giant weeks earlier that it was hosting the stolen phone data. Amazon told TechCrunch it was “following process” after our February notice, ...
- Bank Of America Alerts Customers To Data Breach, Offers Identity Theft Protection For Affected Accounts
March 11, 2025
The Bank of America has alerted a small group of its customers about a data breach that may have exposed confidential information. The breach, which took place on December 30, was a result of improper handling of confidential documents by a third-party document destruction service provider. The breach could have potentially exposed sensitive data, including personal ...
- Hacker accessed PowerSchool’s network months before massive December breach
March 10, 2025
A hacker compromised the U.S. edtech giant PowerSchool months before its ‘massive’ data breach in December, according to a now-published forensic report into the incident conducted by U.S. cybersecurity firm CrowdStrike. In a letter sent to affected customers last week, seen by TechCrunch, PowerSchool confirmed that an investigation into the incident has revealed that its network ...
- Allstate sued for not reporting data breach of 165,000 New Yorkers
March 10, 2025
New York state sued Allstate on Monday, accusing the insurer’s National General unit of failing to report a data breach that exposed drivers’ license numbers, and not developing reasonable safeguards to protect policyholders’ private information. The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan, and seeks civil fines. ...
- Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations
March 10, 2025
Japanese telecom giant NTT Communications (NTT Com) has confirmed that hackers accessed the data of almost 18,000 corporate customers during a February cyberattack, affecting an as-yet-unknown number of individuals. The Tokyo-based NTT Com, which provides phone and network tech to enterprises, said it discovered the data breach on February 5 after determining that the hackers had ...
- UK: Healthcare staff illegally accessed medical records belonging to the Nottingham attack victims
March 6, 2025
The families of the Nottingham attack victims have said claims healthcare staff illegally accessed medical records belonging to their loved ones are “sickening” and “inexcusable”. Barnaby Webber and Grace O’Malley-Kumar, both 19, and Ian Coates, 65, were stabbed to death by Valdo Calocane in the city in June 2023. Dr Manjeet Shehmar, medical director at Nottingham ...