Bob Diachenko – Page 2 – WindowsTechs.com

Personal data on 202 million Chinese job-seekers left exposed on insecure database

Posted on January 10, 2019 by Jeff Stone

Resume information about more than 200 million Chinese job-seekers was exposed on an insecure database accessed in December by a researcher from Hacken, a cybersecurity company. Bob Diachenko, director of cyber risk research at Hacken.io and the bug bounty platform HackenProof, announced Thursday that he found a 854 gigabyte MongoDB database containing 202,730,434 records about job candidates from China. The files contained candidates’ skills and work experience, as well as their mobile phone number, email address, marriage status, political leanings, height, weight, driver’s license information and salary expectations, among other personal data. Not every field was filled-in for each individual, Diachenko said. The database did not require visitors to enter a username or password to access the information, Diachenko wrote. While the owner of the database remains unclear, Diachenko explained that the information appears to have originated from a tool used to scrape data from the websites of Chinese classifieds. […]

The post Personal data on 202 million Chinese job-seekers left exposed on insecure database appeared first on CyberScoop.

Continue reading Personal data on 202 million Chinese job-seekers left exposed on insecure database→

Veeam leaves MongoDB database wide open, exposes 445m records

Posted on September 13, 2018 by Lisa Vaas

The data-management firm’s customer database held names, email addresses, some IP addresses and more: a wealth of ammo for phishers. Continue reading Veeam leaves MongoDB database wide open, exposes 445m records→

Hundreds of thousands of voter records found exposed on misconfigured server: report

Posted on July 18, 2018 by Zaid Shoorbajee

Yet another misconfigured Amazon S3 bucket has exposed the sensitive information of unsuspecting people. This time, hundreds of thousands of voters’ information was left open for the taking by a Virginia robocalling firm called Robocent, according to Bob Diachenko, a security researcher at cybersecurity firm Kromtech. Diachenko wrote in a LinkedIn blog post Wednesday that he discovered a trove of about 26,000 files, including audio files with pre-recorded political messages and spreadsheets containing voter information, in the leaky server. The voter data, according to Diachenko, includes names, phone numbers, addresses, political affiliations, birth dates, genders, jurisdictions and some demographic information. The Robocent files were accessible to anyone who did a specialized web search for “voters,” said Diachenko. By the time it was identified by Kromtech, the server had already been indexed by GrayhatWarfare, another website that scans the internet for open S3 buckets. Diachenko says he disclosed the finding to Robocent […]

The post Hundreds of thousands of voter records found exposed on misconfigured server: report appeared first on Cyberscoop.

Continue reading Hundreds of thousands of voter records found exposed on misconfigured server: report→

Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket

Posted on September 22, 2017 by Michael Mimoso

Verizon is the latest company to leak confidential data through an exposed Amazon S3 bucket. Continue reading Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket→

Four Million Time Warner Cable Records Left on Misconfigured AWS S3

Posted on September 5, 2017 by Chris Brook

600 gigabytes of information, including SQL database dumps, code, access logs, and customer information, belonging to BroadSoft and its client, TWC, was left online, accessible to anyone. Continue reading Four Million Time Warner Cable Records Left on Misconfigured AWS S3→