Data Leaks of the Week – March 15, 2019

News

Avatar CybelAngel • March 15, 2019

A curated list of the top stories of the week concerning data leaks and digital threats.

‘Yelp for conservatives’ MAGA app leaks users data

By Catalin Cimpanu, March 12, 2019, ZDNet

63red Safe, a mobile app described as a “Yelp for conservatives” is leaking almost all of its data, according to a French cybersecurity researcher. Since the backend API needs no form of authentification, the app’s information can be easily extracted.

 

Dozens of companies leaked sensitive data thanks to misconfigured Box accounts

By Zack Whittaker, March 11, 2019, TechCrunch

More than 90 major tech companies and corporate giants left data inadvertently exposed in Box storage accounts. Sharing links were public by default and not updated. Leaked information included email addresses, passports, project proposals, and even donor information…

 

763M email addresses exposed in latest database misconfiguration episode

By Curtis Franklin Jr., March 11, 2019, DARKReading

A security researcher named Bob Diachenko found an exposed MongoDB instance containing a total of 150GB of data including approximately 763 million unique email addresses. That breach is the latest in a significant series of data breaches and exposures involving MongoDB.

 

Citrix security breach sees 6TB of sensitive data stolen

By Connor Jones, March 11, 2019, ITPRO

Citrix has suffered a cyber attack that resulted in the loss of 6TB worth of data including emails, blueprints and other business documents. With multinational companies and state agencies as clients, Citrix could face strong consequences, especially in the European Union.

 

“Ukrainian Papers” massive business data leak embroils Poroshenko in a new corruption scandal

By Graham Stack, March 14, 2019, IntelliNews

A massive leak of hacked files, called the Ukrainian Papers, triggered a huge corruption scandal concerning Ukraine’s embattled President Petro Poroshenko, only two weeks away from presidential elections.

 

Rafale paper leaks threat to India security

By Aneesha Mathur, March 14, 2019, India Today

Gearbest, a Chinese online shopping giant, has exposed millions of user profiles and shopping orders, due to an unprotected ElasticSearch server. Not only are the exposed orders a breach of customer privacy, but the exposed data could endanger customers in parts of the world where freedom of speech and expression is limited.

 

Marriott CEO reveals more details about the massive data breach

By Zeljka Zorz, March 12, 2019, Help Net Security

Arne Sorenson, the CEO of Marriott International, revealed more information about their recent breach, including how they discovered it.

 

Expert found an open database in China containing the personal information of more than 1.8 million women, including a strange “BreedReady” status

By Pierluigi Paganini, March 12, 2019, SecurityAffairs

A cybersecurity researcher found an unprotected database in China containing the personal information of more than 1.8 million women. The database contained GPS coordinates, ID numbers, and a strange “BreedReady” status.

 

Unsecured database exposed 33 million job profiles in China

By Lawrence Abrams, March 14, 2019, BleepingComputer

Using the Shodan search engine, a security researcher found a large ElasticSearch database with approximately 33 million profiles for people seeking jobs in China.

Leaks are inevitable. Damage is optional.
Where has your enterprise's data leaked to?

See Your Data Leaks