A curated list of the top stories of the week concerning data leaks and digital threats.
DNA-testing service exposed thousands of customers’ genetic records and personal information online in unsecured server, report reveals
By James Pero, July 9, 2019, Daily Mail
A DNA testing service called Vitagene left 3,000 of its clients’ health reports exposed online via a publicly accessible server. The reports contained full names, dates of birth, and sensitive medical information, like clients’ risk of genetic disease and other gene-based health information.
By Cyrus Lee, July 11, 2019, ZDNet
Zhilian Zhaopin, one of the top job recruitment sites in China, has released evidence at a Beijing trial showing that 160,000 personal resumes uploaded onto its site were allegedly stolen and leaked for around 5 yuan (70 US cents) apiece. Two Zhilian staff members allegedly helped a person surnamed Zheng gain access to the data of around 160,000 users and illegally trade it for profit.
By Pierluigi Paganini, July 3, 2019, Security Affairs
Orvibo, a Chinese smart home solutions vendor, has been leaking billions of logs from devices managed via its cloud platform. The database revealed over 2 billion logs containing a broad range of data, such as usernames, email addresses, passwords, and sometimes the locations of devices.
By Sergiu Gatlan, July 8, 2019, Bleeping Computer
A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million personal and business records. The two databases contained about 26 GB of data in the form of personally identifiable information (PII), including names, birth dates, genders, identity card numbers, etc.
By Ritesh Bhattia, July 8, 2019, Information Security Newspaper
Cybersecurity specialists discovered an exposed database belonging to Fieldwork, an operations management software firm for small- and medium-sized companies. The compromised information included full names, phone numbers, email addresses, and payment card details, among other Fieldwork customer data.
By Akshaya Asokan, July 11, 2019, Bank Info Security
A MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed. It included information from searches conducted on Pipl.com and LexisNexis. The exposed records from Pipl included first and last names, email addresses, dates of birth, phone numbers, social media profile links, races, and religions. 800,000 records from LexisNexis contained names, addresses, genders, and family members.