Big Data | SC Media

Big Data

facebook server

Sleeping on the job? Verlo Mattress Factory exposes database

It looks like Verlo Mattress Factory forgot to leave off the last “S” for security: A security researcher has come across an open Elastic database set containing 387,000 records associated with customers of Verlo Mattress Factory. Jeremiah Fowler, senior security researcher with SecurityDiscovery.com, reported that he discovered the non-password protected database on September 5 that…

Gogo caught using fake Google SSL certificates

Malinda Air locks down publicly exposed servers

Indonesian budget airline Malindo Air reported on September 19 it had locked down the formerly publicly exposed servers that had compromised passenger data. The airline had confirmed just one day prior that passenger data had been compromised and that it was working with Amazon Web Services and its e-commerce partner GoQuo to investigate the problem.…

Secure signin

CirclCI data breach exposed customer GitHub and Bitbucket logins

The software integration firm CircleCI is informing its clients a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts. The company said in a statement it was informed of the breach on August 31, but affected customers who accessed the CircleCI platform starting June 30, 2019. The information compromised…

emails

Webcomic XKCD forum user data exposed

In an incident practically ripped from the plot of one of its own stories, the webcomic XKCD reported that user data from its online forum section was found in an exposed database. XKCD, which labels itself a “webcomic of romance, sarcasm, math, and language,” posted in a brief note that portions of its PHPBB user…

One million Luscious porn site accounts compromised

Researchers at VPNMentor were able to access almost more than one million user accounts associated with the pornographic website Luscious. VPNMentor’s Noam Rotem and Ran Locar found 1.195 million records associated with the one million registered site users containing a variety of information that could be ruinous to the individuals if released. The nature of…

Data on 300K QuickBit crypto exchange customers exposed

The Swedish cryptocurrency exchange QuickBit was hit with a data breach affecting about 2 percent of its customer base through an unprotected MongoDB. Published reports put the number of accounts exposed at 300,000 with QuickBit stating the data involved was left unprotected while it was being migrated to a safer environment with names, addresses, e-mail…

5M records exposed by misconfigured MedicareSupplement.com MongoDB

A MedicareSupplment.com MongoDB containing more than five million records was found open to the public containing a wide range of PII. The records were found by the security firm Comparitech and researcher Bob Diachenko on May 13 containing first and last name, full address, IP address, email address, date of birth, gender and marketing-related information.…

Facebook’s xSocialMedia ad agency exposes 150K medical histories

Multiple databases belonging to the Facebook ad agency xSocialMedia have been found open exposing almost 150,000 records containing a wide variety of medical information derived from marketing campaigns run for medical malpractice lawsuits. The files were found by vpnMentor on June 2, and which have since been secured. The exposed information was gathered through Facebook…

Israel comes under cyber attack

Netanyahu among millions exposed on open travel company data base

A data base belonging to the Israeli online travel firm Amadeus was spotted open to the public exposing millions of Israeli travelers, including that nation’s prime minister. Amadeus is used as a booking service for several other popular Israeli travel companies including Inbal, which books flights for government workers. According to Calcalist.com, the open database…

resizedimage250198-copy-files-_275977

HCL employee, customer files found open to public

The digital solutions firm HCL left accessible information belonging to some of its employees and customers. The breach was first noticed by UpGuard when it came across personal information and plaintext passwords for new hires, reports on installations of customer infrastructure, and web applications for managing personnel. Using a keyword search technique that trolls for…

Next post in Data Breach