Breaches and leaks

  • HovaHealth: a Mexican healthcare service company. An unprotected MongoDB instance was found, managed by them, with detailed personal data of 2 million people in it.
  • Yale University: they had personal data breached in 2008, but only just found out when testing their servers for vulnerabilities.
  • TCM Bank: a company that provides white-labeled credit cards to small banks. Between March 2017 and July 2018 their website exposed personal information of card applicants.
  • Salesforce: they have a marketing API where under certain circumstances one could get information from other companies, or write/corrupt the information of others.
Dieter Van der Stock