Data Leaks of the Week – July 12, 2019

News

Avatar CybelAngel • July 12, 2019

A curated list of the top stories of the week concerning data leaks and digital threats.

DNA-testing service exposed thousands of customers’ genetic records and personal information online in unsecured server, report reveals

By James Pero, July 9, 2019, Daily Mail

A DNA testing service, called Vitagene, exposed 3,000 of its clients’ health reports available online via a publicly accessible server. The reports contained full names, dates of birth, and sensitive medical information, like clients’ risk of genetic disease and other gene-based health information.

160,000 resumes on Chinese recruitment site Zhilian allegedly exposed and leaked

By Cyrus Lee, July 11, 2019, ZDNet

Zhilian Zhaopin, one of the top job recruitment sites in China, has released evidence at a Beijing trial showing that 160,000 personal resumes uploaded onto its site were allegedly stolen and leaked for around 5 yuan (70 US cents) apiece. Two Zhilian staff members allegedly helped a person surnamed Zheng get access to around 160,000 users’ data and trade them for profit illegally.

Chinese smart home solutions vendor Orvibo leaks two billion user logs

By Pierluigi Paganini, July 3, 2019, Security Affairs

Orvibo, a Chinese smart home solutions vendor has been leaking billions of logs from devices managed via its cloud platform. The database revealed over 2 billion logs containing a broad range of data, such as usernames, email addresses, passwords, and sometimes the locations of devices.

Over 90 million records leaked by Chinese Public Security Department

By Sergiu Gatlan, July 8, 2019, Bleeping Computer

A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million personal and business records. The two databases contained about 26 GB of data in the form of personally identifiable information (PII), including names, birth dates, genders, identity card numbers, etc.

PII, credit card numbers and CVVs, home alarm codes leaked in Fieldwork data leak

By Ritesh Bhattia, July 8, 2019, Information Security Newspaper

Cybersecurity specialists discovered an exposed database belonging to Fieldwork, an operations management software firm for small- and medium-sized companies. The compromised information included full names, phone numbers, email addresses, and payment card details, among other Fieldwork customer data.

MongoDB database exposed 188 million records

By Akshaya Asokan, July 11, 2019, Bank Info Security

A MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed. It included information from searches conducted on Pipl.com and LexisNexis. The exposed records from Pipl included first and last names, email addresses, dates of birth, phone numbers, social media profile links, races, and religions. 800,000 records from LexisNexis contained names, addresses, genders, and family members.

Leaks are inevitable. Damage is optional.
Where has your enterprise's data leaked to?

See Your Data Leaks