Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.
Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size. It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- British Library Employee data leaked in cyber attack
November 21, 2023
The British Library has confirmed that a cyber attack in October has led to a leak of employee data. The attack, which took place on 31 October, has also resulted in the library’s website being down for almost a month. The Rhysida ransomware group claim to be behind the attack, and say they will auction off ...
- Hackers accessed sensitive health data of Welltok patients
November 20, 2023
Hackers accessed the personal data of more than a million people by exploiting a security vulnerability in a file transfer tool used by Welltok, the healthcare platform owned by Virgin Pulse. Welltok, a Denver-based patient engagement company that works with healthcare plans to provide communications to subscribers about their healthcare, confirmed in a data breach notification ...
- Canada: Current and former public service, RCMP, military members affected by data breach
November 18, 2023
The federal government is warning current and former public service employees and members of the RCMP and Canadian Armed Forces their personal and financial information may have been accessed in a data breach that occurred on Oct. 19. The breach affects federal government data held by Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & ...
- Toyota finance business confirms ransomware attack, data breach
November 18, 2023
Toyota Financial Services (TFS), a subsidiary of the popular automaker, has confirmed suffering a ransomware attack. In a statement company stated that Toyota Financial Services Europe & Africa “recently identified unauthorized activity on systems in a limited number of its locations.” The company only mentioned unauthorized activity on its endpoints and didn’t discuss if any data ...
- Samsung UK discloses year-long breach, leaked customer data
November 17, 2023
The UK division of Samsung Electronics has allegedly alerted customers of a year-long data breach – the third such incident the South Korean giant has experienced around the world in the past two years. An email to customers, shared on social media by web security consultant and Have I Been Pwned creator Troy Hunt, detailed that ...
- 9 million patients had data stolen after US medical transcription firm hacked
November 15, 2023
Close to nine million patients had highly sensitive personal and health information stolen during a cyberattack on a U.S. medical transcription service earlier this year, representing one of the worst medical-related data breaches in recent times. The medical transcription company, Perry Johnson & Associates, or PJ&A, is a Henderson, Nevada-based company that provides transcription services to ...