Monday , April 21 2025
phone
Photo: Websiteplanet

Business Leaders & Celebrities’ Accounts Exposed

Jeremiah Fowler, a cybersecurity researcher, found and informed WebsitePlanet about a database without password protection. It held around 121,000 user accounts of entrepreneurs and business leaders from Clarity.fm, a platform for connecting entrepreneurs with experts.

The database had 155,531 records, including 121,000 member profiles with personal and professional email addresses, hourly rates, past payments for consulting sessions, and internal ratings based on user feedback.

Samsung phone is saving your passwords in plain text

You copy a password from your manager, thinking it's safe. Meanwhile, your phone is saving it in plain text. Samsung...
Read More
Samsung phone is saving your passwords in plain text

UK Software Firm Exposed 8 million of Healthcare Worker Records

A data leak involving 8 million UK healthcare worker records, including IDs and financial information, was caused by a misconfigured...
Read More
UK Software Firm Exposed 8 million of Healthcare Worker Records

GitHub Enterprise Server Vulns Expose Risk of Code Execution

GitHub has released security updates for GitHub Enterprise Server to fix several vulnerabilities, including a high-severity flaw that could allow...
Read More
GitHub Enterprise Server Vulns Expose Risk of Code Execution

CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers

Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10,...
Read More
CVE-2025-2492  ASUS warns of critical auth bypass flaw in routers

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called "symlink". This number...
Read More
16,000+  Fortinet devices compromised with symlink backdoor, Mostly in Asia

Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run...
Read More
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

CISA warns of increasing risk tied to Oracle legacy Cloud leak

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the...
Read More
CISA warns of increasing risk tied to Oracle legacy Cloud leak

CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App

Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE)...
Read More
CVE-2025-20236  Cisco Patches Unauthenticated RCE Flaw in Webex App

Apple released emergency security updates for 2 zero-day vulns

On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly...
Read More
Apple released emergency security updates for 2 zero-day vulns

Oracle Released Patched for 378 flaws for April 2025

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers...
Read More
Oracle Released Patched for 378 flaws for April 2025

Jeremiah Fowler believed the exposed records belonged to San Francisco-based Clarity.fm — a platform that connects entrepreneurs and professionals seeking advice or mentorship with experienced individuals in various fields. But he is not clear if the database was owned or managed by Clarity.fm or a third party contractor, websiteplane report reads.

Exposing personal and business email addresses can create major cybersecurity risks. Companies don’t disclose executive contacts to avoid harassment, spam, and security issues. Business leaders and investors are common targets for cybercriminals because of their wealth and access to funds, making them vulnerable to financial exploitation.

High-profile individuals often have connections to other investors, making them prime targets for cybercriminals. These criminals may try to misuse their personal information for social engineering or other fraudulent activities.

There is a growing risk of CEO fraud, also known as Business Email Compromise (BEC). This is when scammers impersonate the CEO to trick people into revealing sensitive information or making financial transactions. According to Forbes, CEO fraud cost the economy $26 billion from 2013 to 2019. In 2024, a criminal used deepfake technology to convince a finance worker to transfer $25 million. CEO fraud affects nearly 400 companies per day, with around 22,000 victims and $3 billion in losses over three years.

When contact information like personal or work emails is leaked, it’s crucial to take basic cybersecurity steps and reduce risks. It’s also important to inform people if their contact details have been exposed.

The database revealed a cloud storage account for profile pictures. Exposing additional storage accounts poses cybersecurity risks, allowing cybercriminals to launch targeted attacks and exploit vulnerabilities in the storage system or attempt credential theft using social engineering techniques.

According to researchers, nearly 98% of cyber crimes are a result of social engineering campaigns, which involve sharing sensitive information like credentials. This could lead to unauthorized access to the company’s cloud storage, allowing attackers to steal data or disrupt operations. Other serious risks include phishing, malware, and criminals gaining access to sensitive business accounts or internal documents due to exposed usernames and passwords from previous data breaches.

Jeremiah Fowler recommend that regular training sessions should be provided to employees to educate them about different types of social engineering attacks, including CEO fraud. This knowledge will help employees recognize suspicious requests and verify the authenticity of financial transactions, thus preventing fraud and safeguarding against financial loss and data theft. It is important to always verify requests for sensitive information or financial transactions, even if you believe you know the person you are communicating with. Use only official communication channels and known phone numbers to ensure the legitimacy of the interaction. Additionally, establish a clear approval process for financial transactions and changes to sensitive account information, requiring multiple layers of verification from multiple individuals or departments.

(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)

Check Also

ANY.RUN

Top 10 Malware Threats of the Week: Reports ANY.RUN

Cybersecurity platform ANY.RUN recently reported the top 10 malware threats of the week, highlighting a …

Leave a Reply

Your email address will not be published. Required fields are marked *