eTick Data Breach - Improperly designed APIs lead to Data Breach and Data Manipulation
Bishop's Univertitys eTick mobile applicaiton exposes the private information of users, and leads to eventual data manipulation of any users submission.…
Data Breach: Dogness IOT gets put in the Dog House
Pet IoT company Dogness, has exposed it's unsecured ElasticSearch server, containing usernames, emails, clear-text passwords, which has lead to the complete exposure of its production SQL database, application source code, and the complete takeover it's pet feeding devices and associated accounts.…
BIOS Medical - The Final Chapter - "Lacks adequate security safeguards to protect customer personal information"
The Privacy Comissioner of Canada has found that BIOS Medical lacks adequate security safeguards to protect customer personal information…
Unsecured ElasticSearch server at Viec.co, a freelance outsourcing company, exposes the PII of its recruitment workforce
An unsecured ElasticSearch server used by Viec.co a Vietnamese freelance outsourcing company, has lead to the discovery of several security deficiencies that are exposing the PII of it’s ~6000 workforce.…
Data Breach at North American Service Center, a UAE Immigration Consultant, exposes confidential identification documents of clients
A misconfigured ElasticSearch server run by a North American immigration consulting agency located in the United Arab Emirates, has lead to the exposure of confidential documents sush as Passports, Visas, Birth Certificates, Academic records, and Video taped interviews.…
Chefling: Exposed ElasticSearch server leads to data breach, including cleartext passwords.
An unsecured ElasticSearch server, containing detailed mobile client API calls, leads to the exposure of several thousand Chefling users emails, cleartext passwords, and login tokens…
Data Breach - Seva.id Indonesian Vehicle & Property listing company
Unsecured ElasticSearch server run by Seva.id exposes the emails and clear-text password of over 100,000 users…
Oh Mi-Taxi what have you done? (Elastic Search Data Exposure)
(Note.. This article was published after the 30 day disclosure period in order to give mi-taxi / Mississauga Taxi a chance to resolve the disclosed issues.) Intro Mississauga Taxi (mi-Taxi) is a taxi company located in Mississauga, Ontario, Canada, who's mobile application uses an unsecured ElasticSearch server. That unsecured server was…