Bob Diachenko
Cyber Threat Intelligence, OSINT, | Responsible disclosures | Security consultancy | Contact me: bob@securitydiscovery.com
Bob Diachenko May 23
[QUICK REPORT] It appears that Wunderman Argentina left passwordless MongoDB and AWS S3 bucket open to public, with PII of their local clients, employees, internal reports, logs and admin creds to CRM system. Now secured, no word from agency.
Bob Diachenko May 21
[NEW REPORT] Bad news for golf game players who used this application to log in and track its records - more than 218k users’ data exposed online as a result of improper database config. No login needed to view data in browser:
Bob Diachenko May 14
It is possible that did not detect any data breach on gov't databases, because the db I have found did not contain any attributions to any organization. It simply contained data labeled as 'patients' and it was indexed by
Bob Diachenko May 14
This is the message I received from CERT Panama on May 8th as a reply to my alert
Bob Diachenko May 14
Replying to @mayer
No, unfortunately, no clue as to who owned that.
Bob Diachenko May 13
this is their RDP port screenshot as captured by
Bob Diachenko May 13
[NEW REPORT] Almost all Panama citizens' data should have been exposed in this data breach (still to be confirmed), read my short report here:
Bob Diachenko May 11
Replying to @MayhemDayOne
interesting, thanks! - so it is OK to have 100M+ records of this data in public.
Bob Diachenko May 11
to all my Indian followers, is this public info?
Bob Diachenko May 11
Such a great company in this feature:
Bob Diachenko May 11
What an irony. Back in Jan 2016, my then-colleague (and now-friend) reported Earbits leak with 325K users. 3 years later, last week on I spotted the same database, now with 385K users, all open and publicly available. Outdated Mongo v.2.4.14, no pass
Bob Diachenko May 10
Update re Indian database. This service has the same schema and Resume IDs in their samples (google-able).
Bob Diachenko May 9
[NEW REPORT] As always, mighty did a great investigative report on one of my latest finds. Here is additional info, as seen on my blog:
Bob Diachenko May 8
[NEW REPORT] Here is what I know about that massive Indian database exposure, with 250M+ of personally identifiable information. Now DB is hijacked by hackers.
Bob Diachenko May 8
Panama population is 4,099M people. 3.4M+ detailed records with IDs (cedula / cuadricula / poliza seguro medico), names, addresses, phones are exposed. informed. Hopefully database will be secured before it is too late..
Bob Diachenko May 8
Database with 250M+ very detailed Indian resumes that I reported a week ago was dropped by malicious actors. As per my investigation, database was not part of any company but rather scraped data collected by unknown org/person.
Bob Diachenko May 7
[ICYMI] Burger King’s Online Shop for Kids Exposed Data, read more here:
Bob Diachenko May 6
Replying to @MayhemDayOne
[NEW REPORT] More details on Burger King's online shop for kids data exposure.
Bob Diachenko May 6
BurgerKing FR's the Kool King Shop, online shop for 8-12 yo kids, accidentally exposed CRM backend of its systems, with 37K kids login details, incl. emails, passw, phones, DOB, gift coupons, logs admin creds (no payment info) etc. Quietly secured after note, report on the way