Third-party Facebook apps left people’s data publicly exposed, researchers say

Two separate exposures of sensitive information about Facebook users are the latest alarming discoveries by researchers at UpGuard. In both cases, the operators of third-party apps that connected to Facebook were storing data about people in Amazon Web Services S3 buckets configured for public access, said UpGuard, a Silicon Valley-based security company known for identifying misconfigured cloud services. One database originated with Mexico-based Cultura Colectiva, while the other was stored by the makers of an app called “At the Pool.” Both had been secured by Wednesday, UpGuard said. The Cultura Colectiva exposure is the bigger of the two, including 146 gigabytes of information about comments, likes, reactions, account names, Facebook IDs and more, UpGuard said. The “At the Pool” discovery, while not nearly as large, “contains plaintext (i.e. unprotected) Facebook passwords for 22,000 users,” UpGuard said. The company appears to have ceased operation in 2014, but this “should offer little consolation to the app’s end users whose […]

The post Third-party Facebook apps left people’s data publicly exposed, researchers say appeared first on CyberScoop.

App Developers Left 540 Million Facebook Users’ Records on the Public Internet

The exposures didn’t come from Facebook itself, but do show how data generated by one company can end up exposed thanks to another service.

Chinese e-commerce giant Gearbest leaks millions of records, researcher finds

An unsecured database has exposed records about millions of customer transactions from the Chinese e-commerce giant Gearbest, security researcher Noam Rotem has announced. Databases of orders, payments and invoices, and customer information were exposed, compromising more than 1.5 million records, according to Rotem’s research published by VPN Mentor. It was not immediately clear how long the records had been exposed, though Rotem reported the databases were found unprotected this month. Payment information, products purchased, shipping addresses, and customer data including names, IP addresses and national identification and passport information were all among the data exposed. “Gearbest’s database isn’t just unsecured,” VPN Mentor noted in a blog post. “It’s also providing potentially malicious agents with a constantly-updated supply of fresh data.” Gearbest is owned by the Shenzhen-based e-commerce giant Globalegrow, a cross-border retailer specializing in the sale of electronics and computer accessories. On its website, Gearbest says it works with more […]

The post Chinese e-commerce giant Gearbest leaks millions of records, researcher finds appeared first on CyberScoop.

‘Gold mine’ of customer loan, tax and other records exposed on open server

A massive store of data that includes loan agreements, payment schedules, tax documents and other financial records was openly accessible on a public server until recently, according to security researcher Bob Diachenko and TechCrunch. The data, totaling about 24 million records, was being stored on an unsecured server by Ascension Data and Analytics, a company that sells various technical services to the financial industry, according to Diachenko. The researcher said he worked with TechCrunch reporter Zack Whittaker to track the data to Ascension. Diachenko wrote in a blog post published Wednesday that he notified Ascension after making the discovery on Jan. 10, and that the data was secured by Jan. 15. The report says the 51 gigabytes’ worth of data on the server consisted of individual pages of documents that were submitted by financial institutions for optical character recognition – the conversion of handwritten text into machine-readable text. Some of the documents dated as far back as 2008. Some, not all, […]

The post ‘Gold mine’ of customer loan, tax and other records exposed on open server appeared first on CyberScoop.

Personal data on 202 million Chinese job-seekers left exposed on insecure database

Resume information about more than 200 million Chinese job-seekers was exposed on an insecure database accessed in December by a researcher from Hacken, a cybersecurity company. Bob Diachenko, director of cyber risk research at Hacken.io and the bug bounty platform HackenProof, announced Thursday that he found an 854-gigabyte MongoDB database containing 202,730,434 records about job candidates from China. The files contained candidates’ skills and work experience, as well as their mobile phone number, email address, marriage status, political leanings, height, weight, driver’s license information and salary expectations, among other personal data. Not every field was filled in for each individual, Diachenko said. The database did not require visitors to enter a username or password to access the information, Diachenko wrote. While the owner of the database remains unclear, Diachenko explained that the information appears to have originated from a tool used to scrape data from the websites of Chinese classifieds. […]

The post Personal data on 202 million Chinese job-seekers left exposed on insecure database appeared first on CyberScoop.

Data about 57 million people exposed by Elasticsearch servers

A data breach involving Elasticsearch search-engine technology exposed the personal information of nearly 57 million people for at least two weeks, according to a report released Wednesday by the cybersecurity organization Hacken. The breach exposed 73 gigabytes of data as early as Nov. 14, Hacken said, including the names, employers, job titles, emails, addresses, phone numbers and IP addresses of 56,934,021 U.S. residents. There was a separate cache of data titled “Yellow Pages,” the report said, with 25 million records about businesses, including information such as names, company details, zip addresses, latitude/longitude, census tract, phone numbers, web addresses, emails, revenue numbers and more. Hacken said it was unclear where the leak originated, but the formatting of the data appeared to have similarities to fields used by Canadian data management company Data & Leads. The database is no longer exposing information to the public, Hacken said. Elasticsearch is an open-source tool intended to allow users to search data stored in private networks. The […]

The post Data about 57 million people exposed by Elasticsearch servers appeared first on CyberScoop.