Exposure

GO SMS Pro — one of the most popular Android messaging apps — just exposed millions of private photos and files

James Gelinas reports: Data leaks are bad enough, but it officially becomes a security nightmare when one affects hundreds of millions of users. Earlier this year, an unsecured server belonging to Microsoft exposed the data of more than 250 million users. This included email addresses that hackers and scammers could use for criminal activities. Tap...

Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak

Phil Muncaster reports: A US-based used electronics retailer has exposed over 2.6 million files, including ID cards and biometric images, after a misconfigured AWS S3 bucket was discovered. Researchers at Website Planet traced the instance back to California-based TronicsXchange, previously trading as GreenElectronicsExchange (GEEx). A random scan for server vulnerabilities led to the discovery...

Hosting Provider Exposed 63M Records incl. WP & Magento

I missed this report from Jeremiah Fowler the other day: On October 5th I discovered a non-password protected database that contained a large amount of monitoring and system logs. There were records indicating data backups, monitoring, error logging, and more. Upon further research, the database appeared to belong to the Texas-based cloud application hosting...

COVID-19 Data-Sharing App Leaked Healthcare Worker Info

Elizabeth Montalbano reports: A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and could potentially could have leaked patient data. Vulnerabilities found in both the COVID-KAYA platform’s web and Android apps allowed for unauthorized users to access private data...

Three voters demand €10m fine for IT firm behind huge data breach

Claudia Calleja has an update on litigation following a voter data leak involving  C-Planet IT Solutions Ltd. Three of the 337,384 Maltese voters whose data was leaked in a massive security breach in April, have filed a complaint with the Data Protection Authority requesting that the IT company that held the data be fined...