No need to hack, when it’s leaking, Wednesday edition: WeWork India, Proud Makatizen in Philippines
Two large leaks involving personal information discovered by researchers.
First up, Zack Whittaker reports:
WeWork India has fixed a security lapse that exposed the personal information and selfies of tens of thousands of people who visited WeWork India’s coworking spaces.
Security researcher Sandeep Hodkasia found visitor data spilling from the check-in app on WeWork India’s website, used by visitors to sign-in at the dozens of WeWork India locations across the country. A bug in the app meant it was possible to access the check-in record of any visitor by increasing or decreasing the user’s sequential user ID by a single digit.
Read more at TechCrunch.
Second, vpnMentor reports:
Proud Makatizen is an official website from the city of Makati, Philippines. It began as an online portal for providing Covid-19 relief services, such as signing up for vaccinations, financial support, and more.
Proud Makatizen had misconfigured an Amazon Web Services S3 bucket, exposing just over 620,000 files stored within. The files included photos of ID cards, as well as private medical and financial information.
Read more at vpnMentor.