Breaches and leaks

  • Adhaar: India's biometric database, holding over a billion people, seems to be trivially spoofable/accessible.
  • Newegg, a large online technology retailer, had credit card information leeched, again by Magecart. It's unknown at this point how many people were affected.
  • GovPayNow: an online payment service of the US government, where things like traffic tickets and even bail can be paid, exposed all receipts. You could simply change the ID in the URL (yes, this again, ffs) and see the other receipts.
  • US State Department: its "unclassified e-mail system" was breached, exposing personal information of a "small number" of employees.
  • Bristol Airport had a ransomware infection and had to resort to writing flight schedules on whiteboards for a bit before recovering.
  • Medcall Healthcare Advisors: healthcare provider, had 7 gigs of medical information in an exposed s3 bucket.
  • Unknown: an unprotected MongoDB database was found with just under 11 million personal records. The researcher is not certain who it belongs to, although there are suspicions.
Dieter Van der Stock