Cybersecurity researcher Jeremiah Fowler recently discovered a severely misconfigured cloud database, containing a staggering 198.3 gigabytes of data, associated with customers of BuyGoods.com (also known as Softwareproject). BuyGoods.com, a global ecommerce marketplace based in Wilmington, Delaware, serves 3 million users across 17 countries. The unprotected database, lacking any security authentication, exposed over 260,000 records encompassing various sensitive information, such as affiliate payouts, refund transactions, invoices, and more. Disturbingly, the server also revealed personal records of customers and affiliates, including highly sensitive Personally Identifiable Information (PII) and Know Your Customer (KYC) data. Among the exposed details were customer selfies along with unredacted personal identification cards, licenses, passports, and credit card information. The breach had a global impact, affecting individuals from different parts of the world. Upon discovering the security lapse, Fowler promptly notified BuyGoods.com, which acknowledged the issue and assured that the data had been secured. However, despite the company's response, Fowler found that the server remained accessible for some time after his responsible disclosure. Misconfigured servers holding PII or KYC data pose significant threats to online privacy and can lead to identity theft, financial fraud, and unauthorized access to personal accounts. The potential misuse of this sensitive information by criminals could result in widespread chaos, eroding trust in digital systems and the safeguarding of private data. The incident underscores the critical importance of securing databases to protect individuals' privacy and prevent malicious exploitation of sensitive information.
Ubuntu 24.04 LTS, released on April 25, 2024, introduced exciting new features but is not immune to security vulnerabilities. The Ubuntu security team has recently addressed multip...
The City of Wichita, Kansas, has disclosed that files containing personal information were stolen during a ransomware attack in early May. On May 5, the city shut down certain syst...
Nissan North America recently informed the Maine Attorney General about a ransomware attack from late last year that compromised employee personal information. In early November 20...