InfoSecBulletin Cybersecurity for mankind
Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals). This platform provides dating services and social networking for US and UK military personnel and their supporters.
Jeremiah Fowler revealed that the publicly accessible database lacked password protection and encryption. It comprised a staggering total of 1,187,296 documents. In a brief review of the contents, it was noted that the majority of the documents were user images, alongside other potentially sensitive proof of service photos.
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets
Evaly E-commerce Platform Allegedly Hacked
Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges
184 Million Leaked Credentials Discovered in Open Database
The documents contained full names, mailing addresses, Social Security Numbers, National Insurance Numbers, and Service Numbers. They also included sensitive details like rank, branch of service, dates, and locations that must remain confidential.
Fowler stated that the dataset was from Forces Penpals, a dating service and social network for military members and their supporters. The researcher reported an issue to the authorities, who restricted access of the dataset on the next day.
It is not clear how long the dataset was publicly available. Only an internal forensic audit can reveal any additional access or suspicious activity.
Source: VPNmentor
Maxar Space Data Leak, Company admit, Investigation ongoing!
