Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hacked health firm HCRG demanded journalist ‘take down’ data breach reporting, citing UK court order
March 6, 2025
A U.S.-based independent cybersecurity journalist has declined to comply with a U.K. court-ordered injunction that was sought following their reporting on a recent cyberattack at U.K. private healthcare giant HCRG. Law firm Pinsent Masons, which served the February 28 court order on behalf of HCRG, demanded that DataBreaches.net “take down” two articles that referenced the ransomware ...
- Bank of Ireland to pay €350K over alleged data breach that saw woman stalked by her father
March 5, 2025
The High Court has ordered Bank of Ireland to pay a €350K settlement to a woman and her partner, who alleged her data was released to her estranged father, who then used it to find the couple abroad and stalk them. At the High Court today, Ms Justice Mary Rose Gearty was told the settlement, which ...
- New spyware found to be snooping on thousands of Android and iOS users
February 28, 2025
Hundreds of thousands of Android users, as well as several thousand iPhone users, have had their sensitive data compromised by a spouseware app, called Spyzie. The apps were found leaking email addresses, text messages, call logs, photographs, and other sensitive data, belonging to millions of people who, without their knowledge or consent, have had these apps ...
- How hackers ruined a Disney employee’s life after he downloaded AI photo tool
February 27, 2025
A former Disney employee’s world was turned upside down when he downloaded an artificial intelligence-powered photo program, unaware that it was laced with hacking software, during a massive data breach at the entertainment giant. In July, Matthew Van Andel, an engineer at Disney at the time, got a message on the chat forum Discord from an ...
- Background check provider data breach affects 3 million people who may not have heard of the company
February 25, 2025
Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. The attacker may have accessed over three million files containing personal information. DISA is a third-party administrator of employment ...
- New York amends data breach law
February 24, 2025
On December 24, New York Gov. Kathy Hochul (D) signed into law an amendment to section 899-aa of the N.Y. General Business Law, also known as The Shield Act, modifying the law’s data breach notification requirements. The amendment, which took effect immediately, incorporates provisions that other states have adopted in recent years. First, the amendment shortens ...