Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Police Service Northern Ireland had 260 data breaches in two years, with only a fraction reported or disclosed
June 12, 2024
Figures released under a Freedom of Information request have shown the PSNI had 260 data breaches over two years — but only a fraction of them were reported to external authorities, and even fewer were publicly disclosed. In one case, a data breach was not reported for almost eight years. In 2022, there were 154 breaches, ...
- City of Helsinki’s suffers data breach
June 11, 2024
It remains unclear whether the perpetrator behind a massive data breach of the City of Helsinki has tried to benefit from the crime, according to the City. Detected in April, the hack resulted in the leak of tens of millions of files from the city’s internal network. The stolen files included the personal data of up ...
- UK and Canada governments launch full investigation into 23andMe mega breach
June 11, 2024
Data watchdogs in the UK and Canada are now jointly investigating the data breach that hit 23andMe in October 2023. The incident saw a threat actor post 13 million pieces of 23andMe data for sale on the dark web, including people’s origin estimation, phenotype and health information, photos and identification data, raw data, and some other ...
- Law firm Kirkland sued in class action over MOVEit data breach
June 10, 2024
U.S. law firm Kirkland & Ellis, the world’s largest law firm by revenue, has been pulled into U.S. litigation over a wide-ranging data breach linked to a file transfer tool that compromised data at hundreds of organizations. A proposed class action, opens new tab filed on Friday accused Kirkland and several other companies, including health insurer ...
- Major data breach at Philippines Agricultural Credit Policy Council (ACPC) exposes sensitive information
June 9, 2024
The Agricultural Credit Policy Council (ACPC) has been hacked, exposing sensitive data and raising concerns about government agency security. Ph1ns, a hacker who gained unauthorized access to the ACPC’s internal systems, revealed the breach. The hacker was also responsible for several hack attacks on government agencies, including the DOST and the PNP. Read more… Source: Manila Bulletin Sign up ...
- Telangana Police hit by second major data breach in a week as TSCOP App compromised
June 7, 2024
Just a week after the hacking incident involving Telangana police’s HawkEye app, another app, TSCOP, has been compromised as well. As a result, policerelated data is currently available for sale on online forums. The same hacker responsible for the breach of HawkEye is behind this security lapse. The TSCOP app user data is being sold online ...