1. Forum
  2. FidoNet
  3. CONSPRCY

  • Massive database containi

    From Mike Powell@1:2320/105 to All on Fri Sep 5 11:13:56 2025
    "Misconfigured databases remain one of the most common causes of data leaks across the web and the cloud." No, I'd say that *storing* data that
    shouldn't be stored in those places is the most common cause. -- Mike

    Massive database containing identity info on 252 million people leaked online
    - here's what we know

    Date:
    Thu, 04 Sep 2025 16:02:00 +0000

    Description:
    In some instances, the archive contained "full-spectrum" data, so be on your guard.

    FULL STORY

    A quarter of a billion people, located in seven countries around the world, were at risk of identity theft , wire fraud, phishing, social engineering,
    and other forms of cybercrime due to a collection of misconfigured databases leaking all sorts of personal information.

    Security researchers from Cybernews recently found three misconfigured
    servers, located in Brazil and the United Arab Emirates which contained detailed personal information on more than 250 million people.

    The people are apparently from Turkey, Egypt, South Africa, Saudi Arabia, the United Arab Emirates, Mexico, and Canada, with those in the first three hit particularly badly, as they lost full-spectrum data.

    "Government-level identity profiles"

    Generally speaking, the archives contained peoples ID numbers, dates of
    birth, contact details, and home addresses.

    Cybernews could not determine who the database owners are, but suspected it was a single entity.

    It's likely that these databases were operated by a single party, due to the similar data structures, but theres no attribution as to who controlled the data, or any hard links proving that these instances belonged to the same party, they explained.

    The researchers also noted the way the data was structured pointed towards government-level identity profiles.

    The team managed to have the archives locked down by reaching out to the hosting providers, who barred anyone else from entering. We dont know for how long the database remained unlocked, or if anyone managed to access it before the Cybernews team.

    Information such as this can be used in all sorts of cybercrime. Threat
    actors can use it to impersonate people and open bank accounts, take out
    loans, and possibly even apply for tax cuts or returns. They could send out convincing phishing emails, stealing login credentials and pivoting to other tools, including business accounts.

    Misconfigured databases remain one of the most common causes of data leaks across the web and the cloud.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/massive-database-containing-identity-in fo-on-252-million-people-leaked-online-heres-what-we-know

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)