TechCrunch: India’s state gas company leaks millions of Aadhaar numbers . “Another security lapse has exposed millions of Aadhaar numbers. This time, India’s state-owned gas company Indane left exposed a part of its website for dealers and distributors, even though it’s only supposed to be accessible with a valid username and password. But the part of the site was indexed in Google, allowing anyone to bypass the login page altogether and gain unfettered access to the dealer database.”
BBC: Millions of medical calls exposed online. “Millions of calls made by Swedes seeking medical advice via a national health service telephone line have been exposed online. Some 2.7 million conversations dating back to 2013 were uncovered by technology news site Computer Sweden on an unencrypted web server. It amounted to 170,000 hours of sensitive calls about symptoms and medications.”
CNET: Chinese facial recognition company left database of people’s locations exposed. “A Chinese facial recognition company left its database exposed online, revealing information about millions of people, a security researcher discovered. SenseNets, a company based in Shenzhen, China, offers facial recognition technology and crowd analysis, which the company boasted in a promotional video could track people across cities and pick them out in large groups.”
TechCrunch: Data management giant Rubrik leaked a massive database of client data. “A server security lapse has exposed a massive database of customer information belonging to Rubrik, an IT security and cloud data management giant. The company pulled the server offline Tuesday within an hour of TechCrunch alerting the company, after the data was found by security researcher Oliver Hough. The exposed server wasn’t protected with a password, allowing access to anyone who knew where to find the server.” This was an IT security company? WOW.
ZDNet: Unsecured MongoDB databases expose Kremlin’s backdoor into Russian businesses. “A Dutch security researcher has stumbled upon the Kremlin’s backdoor account that the government had been using to access the servers of local and foreign businesses operating in Russia.”
Zawya: U.S. citizen leaks data on thousands in Singapore with HIV, govt says. “An HIV-positive American has leaked online the names of 14,200 Singaporeans and foreigners also diagnosed in the city-state with the human immunodeficiency virus, the Health Ministry said on Monday.” This article acknowledges that there are many unanswered questions.
TechCrunch: Police license plate readers are still exposed on the internet. “Considered a massive invasion of privacy by many and legally questionable by some, there are tens of thousands of ALPR readers across the U.S. collectively reading and recording thousand of license plates — and locations — every minute, the ACLU says, becoming one of the new and emerging forms of mass surveillance in the U.S. But some cameras are connected to the internet, and are easily identifiable. Worse, some are leaking sensitive data about vehicles and their drivers — and many have weak security protections that make them easily accessible.”