Various data leaks (July 23, 2020)

In the last few days several serious data leaks have been brought to my attention, in which data became publicly accessible. For example, 25 GB of user data were leaked from ancestry.com (genealogy). Here is a brief overview of some of these data leaks.


Software company leaks 25 GB of ancestry.com data

ancestry.com is a company that specializes in genealogy services. Its headquarters are in Lehi, Utah, USA; the German office is in Munich and the European office is in Dublin. As the world's leading commercial provider of genealogy services, the company maintains an internal computer genealogy network, historical records and a genetic genealogy database, which are made available to customers on the website of the same name. In Germany the website is operated as Ancestry.de. The company's data collection therefore reveals family trees and the connections between families and individuals.

Nicolas Krassas pointed to a data protection incident at this provider in the tweet above. According to the report, the data was publicly accessible because of a misconfigured ElasticSearch server. Researchers from the cyber security company WizCase discovered the misconfigured cloud server. It hosted customer data of the US technology company ancestry.com and served the Family Tree Maker software, also known as FTM.

The security researchers state that the database contained about 25 GB of data belonging to "The Software MacKiev Company", whose software synchronizes user data with the genealogy platform Ancestry.com. This is not the first privacy incident at Ancestry.com: in an earlier data leak, the credentials of 300,000 accounts had become public in plain text.

As for the most recent incident, the researchers say that about 60,000 MacKiev users were affected by the exposure after an incorrectly configured ElasticSearch server was left reachable from the Internet.


Data leak exposes VPN data

Recently I received a report about a data leak affecting several VPN providers, including UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN. These VPNs share the same ElasticSearch server, which leaked more than a billion records. This exposed user data including personally identifiable information (PII: full names, email and home addresses), clear-text passwords, activity logs (although the vendors claim not to keep logs), and more. Technical logs used by the VPN providers were also exposed. Details can be found in the vpnmentor blog.
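Both the ancestry.com/MacKiev case and the VPN case above come down to the same exposure pattern: an Elasticsearch node bound to a public interface with no authentication in front of the HTTP API. The following audit script is an added example written for this post, not code from the original article, from WizCase, vpnmentor or Elastic. It assumes Elasticsearch 7.x semantics (network.host defaults to loopback, xpack.security.enabled defaults to false); the two elasticsearch.yml fragments are constructed samples, not configuration recovered from any of the affected servers.

```python
# Added example (not from the original post): flag the elasticsearch.yml
# settings that turn a cluster into an anonymous, Internet-readable database.
# Assumes Elasticsearch 7.x defaults: loopback binding, security disabled.

LOOPBACK_VALUES = {"127.0.0.1", "::1", "localhost", "_local_"}

# Constructed sample: the typical "just make it reachable" configuration.
WEAK_CONFIG = """
cluster.name: sync-cluster        # constructed sample, not a real deployment
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
"""

# Constructed sample: same binding, but authentication and TLS switched on.
HARDENED_CONFIG = """
cluster.name: sync-cluster
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
"""


def parse_flat_yaml(text):
    """Parse the flat 'key: value' subset that elasticsearch.yml uses.

    Comments are stripped; nested YAML is not needed for these settings.
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def is_truthy(value):
    return str(value).strip().lower() == "true"


def bound_beyond_loopback(host_value):
    """True when any configured bind address is not a loopback address."""
    hosts = [h.strip("[]\"' ") for h in host_value.split(",")]
    return any(h and h not in LOOPBACK_VALUES for h in hosts)


def audit_elasticsearch_config(cfg):
    """Return a list of human-readable findings for the parsed settings."""
    findings = []
    # http.host and network.bind_host override network.host for the HTTP API.
    host = cfg.get("http.host", cfg.get("network.bind_host", cfg.get("network.host", "127.0.0.1")))
    exposed = bound_beyond_loopback(host)
    security = is_truthy(cfg.get("xpack.security.enabled", "false"))
    tls = is_truthy(cfg.get("xpack.security.http.ssl.enabled", "false"))

    if exposed and not security:
        findings.append(
            f"bound to {host} with xpack.security.enabled=false: every index is "
            "readable and writable without credentials from the network"
        )
    if exposed and security and not tls:
        findings.append(
            "HTTP API reachable from the network without TLS: credentials and "
            "documents travel in cleartext"
        )
    if is_truthy(cfg.get("http.cors.enabled", "false")) and \
            cfg.get("http.cors.allow-origin", "") in ("*", "/.*/"):
        findings.append("http.cors.allow-origin permits any origin: any web page a "
                        "user visits can query the cluster through the browser")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_elasticsearch_config(parse_flat_yaml(text)) or ["no findings"])
```

The first finding is the one behind the leaks described above: with the default 7.x settings a single `network.host: 0.0.0.0` is enough to publish every index to anyone who can reach port 9200. Binding to a non-loopback address is legitimate, but only together with authentication and TLS, or with a firewall that restricts the port to the synchronization clients.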

New Zealand: Passport and driver's license data online

The cybernews.com team has just informed me that their security researchers have discovered a new data leak. The specialists found an unsecured storage bucket (Amazon Simple Storage Service, S3) belonging to the New Zealand company LPM Property Management, containing more than 31,000 images of passports, driving licences, proof-of-age documents and more. The files include:

  • Passports, both expired and active, from New Zealand, Australia and abroad
  • Driving licences with ID numbers, donor status, addresses, dates of birth and full names
  • Proof of age documents
  • Application photos
  • Images of damaged property (labeled "maintenance requirements") – LPM helps manage the property of different landlords.

This information is very useful to cyber criminals, because it makes identity theft considerably easier. That can go as far as taking out loans or booking other services in the victims' names.

ID document (Source: cybernews.com)

Although the security specialists contacted LPM to point out the data leak through the unprotected database, they did not receive a reply. The security researchers have described the details in this blog post.
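The LPM case is the S3 counterpart of the Elasticsearch exposures: a bucket policy that grants read access to the anonymous principal. The audit below is an added example written for this post, not code from the original article or from cybernews.com; the two bucket policies are constructed samples with placeholder bucket, account and VPC endpoint names, not anything recovered from LPM's account.

```python
import json

# Added example (not from the original post): list the grants in an S3 bucket
# policy that anyone on the Internet can use. Bucket names, the account ID and
# the VPC endpoint ID below are placeholders in constructed sample policies.

SAMPLE_PUBLIC_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "TenantDocuments",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-docs-bucket",
                   "arn:aws:s3:::example-docs-bucket/*"]
    }
  ]
}
"""

SAMPLE_PRIVATE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AppRoleOnly",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-docs-bucket/*"
    },
    {
      "Sid": "AnonymousButScoped",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-docs-bucket/*",
      "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}
    }
  ]
}
"""


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_anonymous_principal(principal):
    """True when the statement applies to everyone, including unauthenticated requests."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_grants(policy_text):
    """Split the policy's anonymous Allow grants into (public, conditioned).

    Each entry is a (sid, action, resource) triple. Statements with a Condition
    are reported separately: a condition such as aws:SourceVpce can confine an
    anonymous principal, but whether it really does needs a human to look at it.
    An explicit Deny elsewhere in the policy is not evaluated here.
    """
    policy = json.loads(policy_text)
    public, conditioned = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous_principal(stmt.get("Principal")):
            continue
        target = conditioned if stmt.get("Condition") else public
        for action in _as_list(stmt.get("Action", [])):
            for resource in _as_list(stmt.get("Resource", [])):
                target.append((stmt.get("Sid", "<no sid>"), action, resource))
    return public, conditioned


if __name__ == "__main__":
    for name, text in (("public", SAMPLE_PUBLIC_POLICY), ("private", SAMPLE_PRIVATE_POLICY)):
        public, conditioned = public_grants(text)
        print(name, "anonymous grants:", public, "conditioned:", conditioned)
```

A bucket policy is only one of three ways an S3 bucket becomes public; object ACLs and the account- or bucket-level Public Access Block settings decide the rest, so a clean policy audit is necessary but not sufficient. For documents like passport scans, the expected result is no anonymous grant at all, conditioned or not.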

Data leak at MyCastingFile.com

The prominent US online casting agency MyCastingFile.com claims to have recruited talent for productions such as NCIS: New Orleans, True Detective, Pitch Perfect and the Terminator film Terminator Genisys. Now a data leak has publicly exposed the private data of more than 260,000 users.

The security team of safetydetectives.com, led by Anurag Sen, discovered the records of over 260,000 users while scanning the Internet for open servers. The open database contained personally identifiable information (PII) such as postal and e-mail addresses and telephone numbers, as well as sensitive information about distinguishing physical features. In total almost 10 million records were exposed, about 1 GB of data.

According to the server logs, the database appears to have been exposed since 31 May 2020. After the security researchers reported it, the company closed the hole. Details can be read in this blog post.

The Wattpad data leak

Wattpad is a website or app for readers and authors to publish new user-generated stories in various genres, including classics, general fiction, historical fiction, non-fiction, poetry, fan fiction, spirituality, humor, LGBTQI, young adults, urban paranormal and teen fiction. According to public sources, the website receives over 140 million visitors per month.

In July 2020, security researchers at Cyble became aware of a data leak. A known actor or group of cyber criminals, ShinyHunters, started selling a stolen Wattpad database. According to the criminals, over 200 million accounts are affected. The hacker or group also claimed that this was the second largest "data breach" in history after the MySpace breach of 2013. The colleagues from Bleeping Computer were informed a little earlier than yours truly. They published this article on the subject.

The cases show that the issue of data security has long since slipped out of our hands. The delusion of putting anything and everything into the cloud will be a bitter pill to swallow. The change of mind will only come when it is clear that the price to be paid for data in the cloud is simply too high.

Here is the description of a data leak (deleted), according to which data from 45 million trips to Thailand and Malaysia are being traded on the darknet. I still have unpublished documents according to which there have been over 500 ransomware attacks on German companies in the last few months. Data was stolen and threatened with publication.
