Friday , July 10 2026

Auto Insurance Platform Exposed Over 5 Million Records

Cybersecurity researcher Jeremiah Fowler discovered a large, unprotected database with sensitive insurance and vehicle information. It contained over 5.1 million files, totaling 10TB, including powers of attorney, vehicle registrations, repair invoices, and images of damaged vehicles showing license plates and VIN numbers.

According to Fowler, “The publicly exposed database was not password-protected or encrypted. It contained 5,170,256 files and images.”

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

Thousands of MCP Servers Exposed to File Access and Injection Attacks

Thousands of Model Context Protocol (MCP) servers have serious security flaws like file access issues, command injection, server-side request forgery...
Read More
Thousands of MCP Servers Exposed to File Access and Injection Attacks

CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to the device's web interface. An...
Read More
CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Daily Cyber security update for 6. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 6. 07. 2026

“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

A new Linux flaw called “Bad Epoll” (CVE-2026-46242) lets regular users get root access on Linux servers, desktops, and Android...
Read More
“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

An AI performed a cyber attack without any human help for the first time

Security experts found what they think is the first time an AI carried out a cyber attack all by itself....
Read More
An AI performed a cyber attack without any human help for the first time

A sampling of these files revealed a wide range of personally identifiable information (PII):

Names, physical addresses, phone numbers, and emails.
Registration documents with VINs, vehicle year, make, and model.
Nearly 16,000 powers of attorney documents granting legal authority to transfer or assign titles, some even including the IP addresses of individuals who signed them electronically.

Fowler discovered internal documents, including software licenses and sensitive business records that were improperly exposed.

Source: Websitplanet

The exposed data appeared to belong to Illinois-based ClaimPix, a platform used across the U.S. for managing and filing auto insurance claims. Fowler explained, “Information inside the database (and the name of the database itself) indicated the records belonged to Illinois-based ClaimPix… I immediately sent a responsible disclosure notice to ClaimPix, and the database was restricted from public access shortly after.”

It is still unknown if the data was exposed for a long time or accessed by unauthorized users before being fixed.

The type of data exposed poses severe risks of fraud and identity theft. Fowler warned, “The exposure of personal data, insurance information, and even identification documents pose numerous potential risks both online and offline.”

For example:

VIN cloning: using stolen VINs to illegally register stolen or salvaged cars.
Insurance fraud: impersonating policyholders to file fraudulent claims or intercept payouts.
Impersonation attacks: exploiting powers of attorney to transfer vehicle ownership without the owner’s knowledge.

Fowler noted that criminals can merge data from different people to create fake identities for fraud.

Following Fowler’s disclosure, ClaimPix responded: “Thank you for alerting us to the security issues that you mentioned. We have investigated and confirmed your findings… We have updated policies and our code to address this issue and will be making those changes live later this evening.”

Fowler advises that, “companies in the insurance industry… encrypt all sensitive data… enforce access controls with multi-factor authentication… and perform regular audits of cloud storage systems to ensure they restrict public access.”

 

Check Also

Polymarket

Polymarket Hack Reportedly Results in $3 Million Theft

Polymarket is a platform for prediction markets using cryptocurrency. It lets users bet on what …