18 matches found
PT-2025-40613
Zoho Office Suite holds an A security rating from UpGuard 829/950 as of 2025, with strong postures in encryption, SOC 2 Type II, and ISO 27001 compliance. Known issues include patched vulnerabilities like SQL injections CVE-2025-9428 in Analytics. No major breaches in 2025. It's ranked highly for...
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
For months, Microsoft’s Power Apps portals exposed personal data tied to 38 million records ranging from COVID-19 vaccination status, Social Security numbers and email addresses. Consumers most affected by what is being called a “platform issue” are those doing business with American Airlines,...
Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank
Three publicly-accessible cloud storage buckets from data management company Attunity leaked more than a terabyte of data from its top Fortune 100 customers – including internal business documents, system passwords, sensitive employee information. Israel-based Attunity, which was acquired by Qlik...
Podcast: Chris Vickery on UpGuard's Discovery of Millions of Facebook Records
Data collection and security was thrust to the forefront this week after researchers with UpGuard disclosed that hundreds of millions of Facebook records were found in two separate publicly-exposed app datasets. The two publicly-exposed datasets included one controlled by Mexican media company...
Private data of 540 million Facebook users exposed in plain text
By Waqas Unprotected Amazon Web Services has a new victim and it's Facebook users. It’s just been a year since the Cambridge Analytics scandal made headlines the world in which Facebook failed to secure its users’ information. Now the cybersecurity firm UpGuard’s researchers have identified the...
Millions of Oklahoma Gov Files Exposed by Wide-Open Server
Millions of sensitive files on a storage server belonging to the Oklahoma Department of Securities were left exposed for a week – including credentials, internal docs and personal data stretching back decades. Researchers at UpGuard who discovered the data leak said that the publicly accessible...
GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig
UPDATE GoDaddy, the world’s largest domain name registrar, has exposed high-level configuration information for tens of thousands of systems and competitively sensitive pricing options for running those systems in Amazon AWS, thanks to yet another cloud storage misconfiguration. The documents wer...
Exposed: 157 GB of sensitive data from Tesla, GM, Toyota & others
By Waqas The IT security researchers at cyber resilience firm Upguard discovered a massive trove of highly sensitive data publically available to be accessed by anyone. The data belonged to hundreds of automotive giants including Tesla, Ford, Toyota, GM, Fiat, ThyssenKrupp, and Volkswagen - Thank...
Chris Vickery Discusses Data Leak of 48 Million Users by Private Intelligence Firm
SAN FRANCISCO – Profile data of 48 million users that was scraped from social networks and websites ranging from Facebook, LinkedIn, Zillow and Twitter was leaked by a private intelligence agency. The data was left on an Amazon S3 storage bucket accessible without a password by Localblox, the...
Insurance Customers’ Personal Data Exposed Due to Misconfigured NAS Server
Detailed personal information from thousands of insurance customers in Maryland–as well as login credentials for a massive national insurance claims database–was exposed due to an an open port on a NAS server. The misconfiguration exposed a wealth of information on Maryland Joint Insurance...
Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket
A potentially devastating Amazon S3 bucket exposure left internal Accenture private keys, secret API data and other information publicly available to anyone who could then leverage it to attack the global consulting firm and its clients. The exposure was privately reported to Accenture on Sept. 1...
Chris Vickery on Amazon S3 Data Leaks
Mike Mimoso talks to Chris Vickery of UpGuard of the recent rash of Amazon S3 data leaks. Vickery uncovers of the commonalities among these leaks, some of which include AWS misconfigurations and mismanagement of third-party partner relationships. Download: ChrisVickeryonAmazonS3DataLeaks.mp3...
Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket
Organizations continue to leak data through publicly accessible Amazon S3 buckets, pointing a harsh finger at continued lax attitudes toward the custodianship of sensitive data. Verizon is the latest business affected by this epidemic, leaking in this case files marked confidential from an intern...
Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket
Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket configured for public access. The data was a backup stored in AWS by Election Systems & Software ES&S, a voting machine and election management...
Engineering Firm Leaks Data on Dell, SBC and Oracle
A Texas-based firm called Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet. Firms impacted by the leak were Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin. Chris Vickery, cyber risk analyst at security...
Third Party Exposes 14 Million Verizon Customer Records
As many as 14 million U.S.-based Verizon customers have had their data exposed by a partner of the telecommunications giant, which misconfigured a repository storing the personal information it had access to. UpGuard director of cyber risk research Chris Vickery, who has made a living of finding...
Over 14 Million Verizon Customers' Data Exposed On Unprotected AWS Server
Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet after NICE Systems, a third-party vendor, mistakenly left the sensitive users’ details open on a server. Chris Vickery, researcher and...
Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server
Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date. This blunder was caused by Deep Root Analytics DRA, a data analytics firm employed by the US Republican...