#privacy: Popular US hotel chain in data breach incident

Choice Hotels in the US has reported how hackers are demanding a cash sum in return for restored control of 700,000 customer records, reports reveal. Among data pinched from the hotel chain are travellers’ names, email addresses and contact numbers, with the theft made all the easier due to a lack of database protection. This […]

#privacy: Microfinance agency exposes more than 140K user records

Credia.ge, a Georgia based agency, has exposed thousands of its customers personal and loan information.  Security researcher, Bob Diachenko, identified the Elasticsearch cluster on August 3rd. However it was discovered through a Shodan search that the cluster had been first indexed back in September 2018.  The database in question was named “compromised” in Shodan search and […]

Database belonging to Spanish brothel chain exposed

An open and unprotected MongoDB was found exposing extremely sensitive information.  Security researcher, Bob Diachenko,  discovered the database on August 4th, and found that it belonged to a Spanish company managing a chain of “mens clubs” across the country. The database had contained extremely sensitive information including the full profiles of 3,350 girls, which had […]

More than two million customer records held for ransom

A Mexican online bookstore left millions of records exposed, enabling hackers to steal the data and hold it for ransom.  According to Comparitech, who collaborated with security researcher Bob Diachenko, Libreria Porrua, left a MongoDB database exposed online at two separate IP addresses. The database did not have a password or other authentication, and thus […]

5 million records belonging to MedicareSupplement.com was left exposed 

A database belonging to the US-based insurance marketing website has been left open and accessible to the public, exposing more than 5 million records.  Security researcher Bob Diachenko discovered the public MongoDB instance which appeared to be a part of the website’s marketing leads database. Diachenko tweeted that the database had been spotted on BinaryEdge.  […]

The University of Chicago Medicine exposes the personal info of over 1.5m donors

An Elasticsearch database containing the personal information of potential and existing donors, was found open and unprotected on the Internet. The exposed database was discovered by Security Discovery researcher Bob Diachenko on May 28. When investigating the exposed data, Diachenko identified that the 34GB-sized ElasticSearch cluster named ‘data-ucmbsd2’ contained 1,679,993 records. The records contained personally […]

Snaptrip accidentally exposes the personal details of its customers

The London-based last minute cottage renting company has leaked both the personal and payment data of its customers. Security researcher Bob Diachenko discovered the open and unprotected MongoDB database on May 21st, with no login credentials needed to view the data. Aside from admin credentials and hashed account passwords, the database named ‘Snap-Trip-Api’ contained 1,006 […]

Millions of golfer records from Game Golf app exposed

Millions of sensitive data points have been exposed on an unprotected server. Security Discovery researcher, Bob Diachenko, discovered an Elastic database that was not password protected and thus visible on the internet. Further investigation revealed that the database belonged to Game Golf. The compromised information included usernames, passwords, emails and Facebook login information as well […]

80 million records exposed in SMS spam operation

ApexSMS suffers data breach exposing the records of 80 million people. Discovered by security researcher Bob Diachenko, ApexSMS, an SMS text marketing company has suffered a data breach exposing the personally identifiable information of more than 80 million people which was then submitted on an unsecured database.  The exposed database contained 80 million records which […]

Verification.io suffers major data breach

Email platform, Verification.io has suffered a major data breach that has compromised around 2 billion records, reports reveal. The intrusion, discovered by security research, Bob Diachenko, has put countless personal email addresses and names into the public domain. Working in collaboration with colleague, Vinny Troia, traced the breach back to Verification.io, an email validation service. […]