Bob Diachenko 🇺🇦 (@mayhemdayone)'s Twitter Profile
Bob Diachenko 🇺🇦

@mayhemdayone

Cyber Threat Intelligence @ securitydiscovery.com, journalist, OSINT | Responsible disclosures | Security consultancy | Contact me: [email protected]

ID: 702497747786715136

https://linkedin.com/in/vdyachenko · 24-02-2016 14:18:09

1.1K Tweets

18.18K Followers

559 Following

Bob Diachenko 🇺🇦 (@mayhemdayone)

Current developments on this as of Sep 27:
- I got in touch with AWS security team so they would contact the owner of the secret keys/buckets and get them rotated/secured;
- Apparently, someone responsible for the gov't portal IT maintenance was made aware of this "overlap" and

Bob Diachenko 🇺🇦 (@mayhemdayone)

Here is the final update on the Indian gov't portal exposure I talked about last week: The National Logistics Portal + its environment. Now secured. cybernews.com/security/natio…

Bob Diachenko 🇺🇦 (@mayhemdayone)

[NEW REPORT] "World-In-HD is the best French torrent tracker out there. Getting in there is very hard." 
Now all the 97k+ account details (real IPs, emails, torrent activity, logs etc.) were exposed as a result of another misconfiguration incident. Read more:

Bob Diachenko 🇺🇦 (@mayhemdayone)

[NEW REPORT] A popular parental control app exposed its activity logs, leaving users' private data in www for at least a month. Payment info, user PII, tracking details - literally everything. Logstash updated daily, with gigabytes of data, usual story. Infected with readme note.

Bob Diachenko 🇺🇦 (@mayhemdayone)

Every single data breach ever reported or sold was carefully collected by an unknown actor and left in a misconfigured instance. I'd say it is even bigger than Troy Hunt's HIBP.

Bob Diachenko 🇺🇦 (@mayhemdayone)

Some random 'Mother of All Breaches' #MOAB stats / interesting info, FYI: 
1) the total number of datasets in MOAB = 4145
2) out of it = 1448 have more than 100k records
3) out of it = 601 have more than 1M recs
4) 203 datasets have less than 100 recs
5) instance was updated in

CyberNews (@cybernews)

โ–ช๏ธCyberNews researchโ–ช๏ธ Football Australia leak exposes playersโ€™ detailsโคต๏ธ #Australia #FootballAustralia #dataleak #data #cybersecurity #infosec cybernews.com/security/footbโ€ฆ

Bob Diachenko 🇺🇦 (@mayhemdayone)

Will add a few details about this one. 
- Reported it to Football Australia on Nov 22, 2023
- At least one bucket was public
- A couple of screenshots with proofs below

Bob Diachenko 🇺🇦 (@mayhemdayone)

[NEW REPORT] Still a lot of UA entities and persons use uCoz resources to host sites. Now we know for sure, and a lot more to investigate... cybernews.com/security/web-h…

Bob Diachenko 🇺🇦 (@mayhemdayone)

We are working with Nik and Sébastien 🇺🇦 on a project that should help companies quickly respond to the fast-growing issue of API key leaks. Unfortunately, Shopify, Stripe, PayPal and other industry players underestimate this problem and prefer not to mention numerous