🇺🇦 Hacken was born in Ukraine, and we stand with all Ukrainians in our fight for freedom!


Industry News

  • 10 Jan 2019

    No more privacy: 202 Million private resumes exposed

    On December 28th, Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, analyzed the data stream of the BinaryEdge search engine and identified an open and unprotected MongoDB instance. The same IP also appeared in Shodan search results. Upon closer inspection, an 854 GB sized MongoDB database was left unattended, with

  • 27 Dec 2018

    ESET South Africa security lapse

    On December 12th, we identified an unprotected MongoDB instance which appeared to be part of ESET’s cloud infrastructure. An IP with a default MongoDB port was indexed by IoT search engine Shodan and was available for anybody to view, access and edit. A 50GB database contained information relating to ESET’s products distributed by South Africa’s

  • 20 Dec 2018

    New Discovery: Nokia left its cloud environment open, config details exposed

    The company later said it was a testing playground, raising doubts in its statement. Several internal databases, passwords and secret access keys to internal Nokia systems were left unattended on a leaky etcd server. Credentials included Heketi user and admin passwords, a Redis password, a Weave password, a k8s secret encryption key, a Gluster user

  • 28 Nov 2018

    New Data Breach exposes 57 million records

    A massive 73 GB data breach was discovered during a regular security audit of publicly available servers with the Shodan search engine. Prior to this publication, there were at least 3 IPs with identical Elasticsearch clusters misconfigured for public access. The first IP was indexed by Shodan on November 14th, 2018. An open Elasticsearch instance

  • 22 Nov 2018

    Another ‘decision makers’ database leaked

    These days it’s quite easy for an ordinary person to get the contact details of any business or organization for a certain fee or subscription. However, should seemingly non-sensitive data be so easily available? 123GB of personal data exposed On November 5th, we discovered an open and unprotected MongoDB database, 123GB in size, containing 9,376,173

  • 21 Nov 2018

    Brazilian personal data exposure

    Brazil has always been one of those countries where cybersecurity issues are hard to report. Back in September, we reported a big leak by a Brazilian online booking system exposing personal data of almost 500,000 people. The company behind the exposure was really hard to identify and contact, but at the end of

  • 13 Nov 2018

    Children’s charity Kars4Kids leaks info on thousands of donors

    Kars4Kids is a charity that asks people to donate their cars, motorcycles, RVs, and real estate. They are best known for their nationwide advertising featuring a hypnotic theme song in which a child and a Johnny Cash impersonator sing the phone number and invite people to donate their cars today. On the 3rd of November, Bob

  • 12 Nov 2018

    Disconnection of the Status Check of the Implementation Environment in the Android Apps

    In the last article, we reviewed the OWASP Mobile TOP 10 methodology for testing mobile apps; at that time we could not provide a proper case for demonstrating the need for protecting the source code. Only recently an interesting case appeared and now we are ready to share our experience of the diversion of the status checks

  • 7 Nov 2018

    Inside American Express India cloud storage exposure

    On 23rd October I discovered an unprotected MongoDB which allowed millions of records to be viewed, edited and accessed by anybody who might have discovered this vulnerability. The records appeared to be from an American Express branch in India. It is important to note that no special programmes were used and I located these

  • 11 Oct 2018

    FitMetrix exposed millions of customers’ records in a passwordless database

    On October 5th, a member of the Hacken security team was browsing through Shodan looking for exposed Elasticsearch instances, which could become targets in another round of ransomware campaigns.

  • 27 Aug 2018

    Atlas Quantum – HACKED

    Yesterday, on August 26th, Have I Been Pwned, a website that identifies breached accounts, informed users that Atlas Quantum, a crypto investment platform, was hacked. Atlas Quantum is a crypto trading platform that allows users to trade on various sites and profit from their automated arbitrage system. Yesterday, the platform was hacked, and the data

  • 23 Jul 2018

    Don’t believe the hype. One of the top 15 crypto exchanges fakes its volume

    Have you ever wondered how it could be possible for newbie exchanges like BitForex, FCoin, and CoinEx to make it to the TOP-15 by daily trade volume? Not to mention that they have managed to beat Binance, OKex, Huobi, KuCoin, Kraken, and Upbit. With the help of Crypto Exchange Ranks, we feel like we
