Database security news, articles & updates | SC Media

Database security

Privacy takes a hit, as storage bucket leaks cannabis dispensary POS data

A misconfigured Amazon Web Services S3 storage bucket was discovered leaking data that had been collected by a point-of-sale system used by multiple cannabis dispensaries, researchers from vpnMentor reported on Wednesday. The exposed bucket, which was found on Christmas Eve and closed by Jan. 14, was found to contain more than 85,000 files. These included…

Microsoft database misconfiguration exposes 250M customer support records

Microsoft last December misconfigured five Elasticsearch servers – each one containing the same data set of 250 million customer support records – leaving their information publicly exposed on the internet, according to researchers. The data leak was detailed today in a blog post by pro-consumer website Comparitech and separately disclosed in a Microsoft Security Response…

Facebook login bug lets attackers hijack accounts on Mashable, other sites

Open dark web database exposes info on 267 million Facebook

An unsecured database on the dark web left the personal information of more than 267 million Facebook users, mostly in the U.S., exposed. Although the database, discovered by security researcher Bob Diachenko and Comparitech and traced to Vietnam, is now inaccessible, it laid bare names, phone numbers, timestamps and Facebook IDs and that information also…

Open database exposes 26,000 Honda Motors customers

A Honda Motor Company Elasticsearch cluster containing 976 million records affecting about 26,000 customers and containing information on Honda vehicle owners was found exposed. Independent security researcher Bob Diachenko posted that the database appeared to be part of the company’s North American operation and did not require any passwords or other authentication to access the data,…

Unsecured storage bucket exposes applications for birth certificate copies

A leaky Amazon Web Services storage bucket has exposed more than 752,000 applications requesting copies of birth certificates. A report yesterday by TechCrunch said the unsecured data set dates back to late 2017, but was just recently discovered by U.K.-based penetration testing company Fidus Information Security. The data is managed by a company that helps…

Sprint contractor reportedly stored non-Sprint customers’ phone bills on open server

Hundreds of thousands of cell phone bills and other documents belonging to AT&T, Verizon and T-Mobile customers were reportedly exposed after a Sprint contractor left them sitting on an open public server. The documents had been collected and stored in the first place as part of a marketing effort to persuade subscribers of rival carrier services…

Defending the database

Open TrueDialog database exposes texts, PII on millions in U.S.

An open database at text messaging solution company TrueDialog left user SMS messages exposed for months, putting nearly a billion records and “millions of Americans at risk,” according to the researchers who discovered the database, hosted by Microsoft Azure and running on the Oracle Marketing Cloud in the U.S. In addition to private text messages,…

Exposed Orvibo database leaks two billion records

More than two billion user logs containing information on Chinese home solutions company Orvibo’s customers were leaked after a database was left exposed. The company sells a portfolio of 100 smart solutions to manage energy and security systems, such as lighting systems, home entertainment devices and HVAC, in homes, offices and hotel rooms via a…

Unprotected MongoDB database exposes 763M unique email addresses, ‘business intel’

Verifications.io has taken down an unprotected MongoDB database found by researchers last week to contain 150GB-worth of plaintext marketing data including 763 million unique email addresses and various corporations’ revenue data. “This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number of…

Voipo database exposed millions of call logs and personal data

Communications provider Voipo left a customer database exposed, revealing tens of gigabytes' worth of customer data including personally identifiable information. Independent researcher Justin Paine discovered the improperly secured ElasticSearch database belonging to the voice-over-internet provider firm, which contained nearly seven million call logs, six million SMS/MMS message logs, and plaintext internal system credentials including unencrypted…
