eTick Data Breach - Improperly designed APIs lead to Data Breach and Data Manipulation
Bishop's Univertitys eTick mobile applicaiton exposes the private information of users, and leads to eventual data manipulation of any users submission.…
Data Breach: Dogness IOT gets put in the Dog House
Pet IoT company Dogness, has exposed it's unsecured ElasticSearch server, containing usernames, emails, clear-text passwords, which has lead to the complete exposure of its production SQL database, application source code, and the complete takeover it's pet feeding devices and associated accounts.…
BIOS Medical - The Final Chapter - "Lacks adequate security safeguards to protect customer personal information"
The Privacy Comissioner of Canada has found that BIOS Medical lacks adequate security safeguards to protect customer personal information…
Sweet Chat: Chinese 'Tinder' with 10M users, exposes chats and private photos
Sweet Chat, an Android based chatting and photo sharing application with over 10 million users, has been exposing it's users chat content, and privatly shared photos on an unsecured server.…
Pritunl users beware.. secure your MongoDB
The following blog will walk you though a major security issue found with older versions of the OpenVPN Pritunl software's Mongo Database, and how to discover, and exploit it's misconfiguration…
Unsecured ElasticSearch server at Viec.co, a freelance outsourcing company, exposes the PII of its recruitment workforce
An unsecured ElasticSearch server used by Viec.co a Vietnamese freelance outsourcing company, has lead to the discovery of several security deficiencies that are exposing the PII of it’s ~6000 workforce.…
Data Breach at North American Service Center, a UAE Immigration Consultant, exposes confidential identification documents of clients
A misconfigured ElasticSearch server run by a North American immigration consulting agency located in the United Arab Emirates, has lead to the exposure of confidential documents sush as Passports, Visas, Birth Certificates, Academic records, and Video taped interviews.…
Google and Un-Hashed passwords, they don't go so good together
Burke Consulting is in the news: Google admits two password hash blunders, one dating back 14 years 1e3)g=1e3;else if(~~g IT World Article on Recent Google announcement about its use of unhashed passwords for gSuite users…
Chefling: Exposed ElasticSearch server leads to data breach, including cleartext passwords.
An unsecured ElasticSearch server, containing detailed mobile client API calls, leads to the exposure of several thousand Chefling users emails, cleartext passwords, and login tokens…
Data Breach - Seva.id Indonesian Vehicle & Property listing company
Unsecured ElasticSearch server run by Seva.id exposes the emails and clear-text password of over 100,000 users…