BetaNews: 10 billion exposed credentials and where to find them

BetaNews: 10 billion exposed credentials and where to find them. “Researchers at password manager NordPass have identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers. The databases are found across 20 different countries, with China being at the top of the list — the country has nearly 4,000 exposed databases. This means that potentially more than 2.6 billion users could have had their accounts breached.”

InfoSecurity Magazine: Cosmetics Giant Avon Leaks 19 Million Records

InfoSecurity Magazine: Cosmetics Giant Avon Leaks 19 Million Records. “A misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs. Researchers at SafetyDetectives led by Anurag Sen told Infosecurity that they found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption.”

The Register: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

The Register: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet. “A string of ‘zero logging’ VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet. This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon.”

European Gaming: Popular Gambling App Exposed Millions of Users in Massive Data Leak

European Gaming: Popular Gambling App Exposed Millions of Users in Massive Data Leak. “Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion. The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world. Aside from leaking activity on the app, the breached database also exposed private user information.”

InfoSecurity: Global Dating App Users Exposed in Multiple Security Snafus

InfoSecurity: Global Dating App Users Exposed in Multiple Security Snafus. “Security researchers have discovered five dating apps in the US and East Asia which are leaking millions of customer records thanks to misconfigured cloud databases. A team from WizCase led by Avishai Efrat explained that the Elasticsearch servers, MongoDB databases and AWS buckets they found were left publicly accessible with no password.”

InfoSecurity: Online Learning Platform Exposes Data on One Million Students

InfoSecurity: Online Learning Platform Exposes Data on One Million Students. “Researchers from the firm claimed that the Elasticsearch database belonging to provider OneClass was left completely unsecured. The trove contained over 27GB of data, amounting to 8.9 million records, including many students’ full names, email addresses, schools/universities, phone numbers, account details and school enrollment details.”

Silicon Angle: Niche dating app user data found exposed on misconfigured cloud instance

Silicon Angle: Niche dating app user data found exposed on misconfigured cloud instance. “The records of hundreds of thousands of users of a range of niche data apps have been exposed online in the latest case of a misconfigured cloud instance. Discovered by security researchers Noam Rotem and Ran Locar at vpnMentor… the 845 gigabytes of data containing 2.5 million records related to dating apps, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD and Herpes Dating.”

Tom’s Guide: How quickly does an unprotected database get found online? Less than 9 hours

Tom’s Guide: How quickly does an unprotected database get found online? Less than 9 hours. “What happens when a database full of vital personal information is left unprotected on the internet? Potential data thieves find it within hours, says hybrid tech blog/research team/VPN affiliate reseller Comparitech.”

Washington Post: Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found

Excuse me a moment while I headdesk? Washington Post: Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found. “The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers ‘prioritized building cyber weapons at the expense of securing their own systems,’ according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the current director.”

Der Spiegel: Database Exposes Offshore Holdings of Prominent Germans

Der Spiegel: Database Exposes Offshore Holdings of Prominent Germans. “A group of internet activists has posted data from a Bahamas corporate registry online. Searches of the database have turned up a number of prominent Germans whose offshore holdings weren’t previously known to the public.”

Taiwan News: Taiwan government database leaked on dark web

Taiwan News: Taiwan government database leaked on dark web. “It was reported on Friday (May 29) that a government database of more than 20 million Taiwanese citizens was leaked on the dark web. According to researchers at Cyble Inc., Toogod, a ‘known and reputable actor’ was found to have released the data titled, ‘Taiwan Whole Country Home Registry DB,’ onto the dark web. It is unusual for an entire nation’s database to be leaked, Cyble reported. The data is from the Ministry of the Interior’s Department of Household Registration.”

TechCrunch: A massive database of 8 billion Thai internet records leaks

TechCrunch: A massive database of 8 billion Thai internet records leaks. “Thailand’s largest cell network AIS has pulled a database offline that was spilling billions of real-time internet records on millions of Thai internet users. Security researcher Justin Paine said in a blog post that he found the database, containing DNS queries and Netflow data, on the internet without a password. With access to this database, Paine said that anyone could ‘quickly paint a picture’ about what an internet user (or their household) does in real-time.”

NBC News: Four states warn unemployment benefits applicants about data leaks

NBC News: Four states warn unemployment benefits applicants about data leaks. “At least four states are warning residents who have applied online for unemployment benefits because of the coronavirus that their personal information may have been leaked.”

ZDNet: Financial companies leak 425GB in company, client data through open database

ZDNet: Financial companies leak 425GB in company, client data through open database. “An open database is the source of a data leak leading to the exposure of 425GB in sensitive documents belonging to financial companies. On Tuesday, vpnMentor researchers led by Noam Rotem said the database appears to be connected to MCA Wizard, a now-defunct app that appears to have been developed by Advantage Capital Funding and Argus Capital Funding.”

Engadget: Whisper left users’ details exposed in an open database for years

Engadget: Whisper left users’ details exposed in an open database for years. “The once-popular app Whisper promises a place where you can share secrets anonymously. According to a Washington Post report, however, it left sensitive information that can be tied to users’ confessions exposed to the public for years. Apparently, Whisper kept a non-password-protected database that allowed anyone to freely browse its records.”