All news with #pii tag

TeaOnHer App Replicates Tea's Functionality and Breaches

🛡️ TeaOnHer, a recent iOS knock‑off of the controversial dating app Tea, has been found exposing sensitive user data. TechCrunch reported government IDs, driving licences and selfies accessible via a public web endpoint with no authentication, and the app appears to copy wording and features from the original. Newville Media did not respond to disclosure attempts, and an exposed admin credential pair was found on the company server. Until these failures are addressed, users should avoid Tea-related apps.

Android adware: risks, techniques and removal advice

📱 Android adware can range from benign ad‑supported apps to intrusive PUAs that harvest data, perform click fraud, or hide to prevent removal. Detections rose by 160% in H1 2025, and sophisticated campaigns such as Kaleidoscope — which uses identical “evil twin” apps across official and third‑party stores — accounted for a substantial share of incidents. To reduce risk, only install apps from reputable developers and the Google Play Store, keep software updated, enable PUA detection in mobile security tools, and if infected disconnect, reboot to Safe Mode and remove suspicious apps or run a trusted scanner.

Portkey Integrates Prisma AIRS to Secure AI Gateways

🔐 Palo Alto Networks and Portkey have integrated Prisma AIRS directly into Portkey’s AI gateway to embed security guardrails at the gateway level. The collaboration aims to protect applications from AI-specific threats—such as prompt injections, PII and secret leakage, and malicious outputs—while preserving Portkey’s operational benefits like observability and cost controls. A one-time configuration via Portkey’s Guardrails module enforces protections without code changes, and teams can monitor posture through Portkey logs and the Prisma AIRS dashboard.

Arrest in Raid on XSS Forum: Who Was Detained and Why

🔍 Europol and Ukrainian authorities announced the arrest of a 38-year-old suspect tied to the Russian-language XSS crime forum after a July 22, 2025 operation led by French investigators. Authorities say the detainee served as a trusted third party, arbitrating disputes and assuring transaction security for members linked to multiple ransomware groups. Reporting traces forum activity and multiple domain registrations tied to the handle 'Toha', but investigation suggests the arrested man is likely Anton Medvedovskiy rather than alternate identities circulated online. The takedown yielded Jabber server logs and forum backups, prompting a wary, contested relaunch.

Thai Hospital Fined After Patient Records Used as Wrappers

📄 A Thai hospital was fined after more than 1,000 patient records, sent for destruction, were found being used as street-food wrappers for crispy crepes. Thailand’s Personal Data Protection Committee (PDPC) determined the documents leaked following handling by a contracted disposal firm that stored them at a private residence. The hospital was fined 1.21 million baht and the disposal business owner received a separate penalty. The episode highlights failures in secure disposal and vendor oversight.

North Korea’s IT worker scheme infiltrating US firms

🔍 Thousands of North Korean IT workers have used stolen and fabricated US identities to secure roles at Western companies, funneling hundreds of millions of dollars annually to Pyongyang’s military programs. They leverage AI for resumes and cultural coaching, faceswap and VPN tools for video calls, and remote-access setups tied to US-based "laptop farms" run by facilitators who launder paychecks and ship company-issued machines abroad. Recent DOJ raids and the 102-month sentence for Christina Marie Chapman highlight legal, financial and national security risks, including potential sanctions violations.

AggregateIQ Exposure Reveals Canadian Campaign Assets

🔒 The UpGuard Cyber Risk Team discovered an unsecured AggregateIQ (AIQ) code repository containing site backups, API keys, SSL private keys, and other sensitive assets tied to multiple Canadian campaigns and parties. Exposed files included WordPress backups, donation processor keys (Stripe), NationBuilder tokens, and PEM private keys that could enable impersonation or account takeover. The findings illustrate significant third‑party vendor risk and raise regulatory and public‑interest concerns about how AggregateIQ managed client credentials and campaign tooling.

Google rolls out age assurance to protect U.S. youth

🛡️ Over the coming weeks Google will begin a limited U.S. rollout of age assurance, a system designed to distinguish users under 18 from adults and apply age-appropriate protections across its products. For accounts identified as minors Google will enable defaults such as YouTube Digital Wellbeing tools, disable Maps Timeline, turn off personalized advertising, and block adult-only apps on Google Play. The approach combines machine-learning age estimation based on existing account signals with optional age verification — including a government ID or a selfie — when users dispute their estimated age, and Google will notify users and provide options for adult verification.

AggregateIQ Repositories Expose Multiple Brexit Sites

📂 UpGuard's analysis of exposed development repositories from AggregateIQ details source code, backups, and credentials tied to multiple pro-Brexit organizations. The findings show WordPress backups, API keys, Stripe secrets, and scripts used to build and contact supporter lists, with administrative accounts linking AIQ staff to sites such as Vote Leave, Change Britain, and the DUP. Misuse of the exposed assets could have allowed large-scale data access or payment compromise.

Public Exposure of Tetrad Consumer Data Sets in S3

🔓 UpGuard Research discovered a publicly accessible Amazon S3 bucket containing detailed consumer data attributed to Tetrad, including files derived from Experian Mosaic, Claritas/PRIZM, and client-supplied datasets covering over 120 million U.S. household records. The exposure included full names, addresses, gender, Mosaic codes, and retailer account and purchase information. UpGuard notified Tetrad in early February and, after repeated contact, the company removed public access and secured the bucket. The dataset's breadth raises significant privacy and targeted-risk concerns for individuals and communities.

Neoclinical Database Exposed Sensitive Health Data

🔒 UpGuard researchers discovered a publicly accessible MongoDB database belonging to Neoclinical, exposing profiles for 37,170 users in Australia and New Zealand. Records included names, contact details, geocoordinates, dates of birth and structured health-screening answers that revealed diagnoses and treatments. UpGuard notified the company and AWS; access was removed on July 26. The exposure underscores the need for proper access controls and rapid incident response.

AggregateIQ GitLab Leak Reveals Political Targeting Tools

🔓 The UpGuard Cyber Team discovered a publicly accessible GitLab repository belonging to AggregateIQ that exposed code, tools, and credentials used in political data operations. The leak includes an apparent campaign platform called Ripon, state configuration files, voicemail scripts, and integrations for services like Twilio and Facebook. Exposed keys, tokens, and AWS credentials raise risks of misuse and highlight ties between AIQ and Cambridge Analytica that warrant further investigation.

Medico Inc. S3 Misconfiguration Exposes Patient Data

🔓 Medico Inc. left an Amazon S3 bucket publicly accessible, exposing nearly 14,000 documents (approximately 1.7GB) that included medical records, insurance claims, legal files, and internal business data. The UpGuard Data Breach Research Team discovered the bucket on June 20, 2019, and Medico closed it within hours after notification. The dataset contained unredacted PII such as SSNs, bank account numbers, and payment card data, and also included plaintext credentials that could enable further compromise.

Leakzone Elasticsearch Exposure Reveals Visitor IP Logs

🔎 UpGuard discovered an unauthenticated Elasticsearch index containing roughly 22 million web-request records, of which about 95% referenced leakzone.net. The logs included client IP addresses, destination domains, request sizes, geolocation data and ISP metadata, spanning June 25 to discovery on July 18, with about one million requests per day. Analysis found extensive use of public proxies and clustered VPN exit nodes, alongside many one-off IPs likely representing direct users. The dataset raises privacy and operational concerns for visitors, service operators, and investigators.

HCL Exposed New-Hire Passwords and Project Reports

🔓 In May 2019 UpGuard researchers discovered publicly accessible HCL pages that exposed personal information, plaintext passwords for new hires, and detailed project reports. The data was dispersed across multiple subdomains and web UIs, including HR dashboards, recruiting approval panels, and a SmartManage reporting interface. After notifying HCL's Data Protection Officer, the researcher confirmed the anonymous-access pages were taken offline within days. The incident underscores the risk of misconfigured application pages and the importance of clear reporting channels and prompt incident response.

LA County 211 Data Exposure: Emergency Call Records

🔒 The UpGuard Cyber Risk Team discovered an Amazon S3 bucket for LA County 211 that was publicly accessible and contained Postgres backups and CSV exports with sensitive data. A 1.3GB t_contact export included millions of records, roughly 200,000 detailed call notes and 33,000 Social Security numbers, alongside 384 user accounts with MD5-hashed passwords. The exposure dated from 2010–2016; UpGuard notified the service in March–April 2018 and confirmed the bucket was closed within 24 hours of contact.

Robotics Vendor Exposed Sensitive Manufacturing Data

🔓 Level One Robotics left 157 GB of sensitive customer, employee, and corporate files accessible via an unrestricted rsync server, exposing CAD drawings, factory layouts, robotic configurations, NDAs, identity documents, and banking records for over 100 manufacturing clients. UpGuard discovered the exposure on July 1, 2018 and began outreach on July 5; after contact on July 9, Level One remediated the server by July 10. The incident underscores third- and fourth-party supply-chain risk and the need to restrict file-transfer services by IP and authentication, enforce vendor security standards, and maintain rapid exposure-response procedures.

Public S3 Exposure Reveals Sensitive Customer Data at NCF

🔓 On October 3, 2017 UpGuard researcher Chris Vickery discovered a publicly accessible Amazon S3 bucket belonging to National Credit Federation containing 111 GB of internal and customer records. The repository included scanned IDs, Social Security card images, full credit reports from Equifax, Experian, and TransUnion, personalized credit blueprints, and full bank and card numbers. National Credit Federation secured the bucket after notification and UpGuard found no evidence of theft in this report. The case underscores the necessity of validating cloud storage permissions and continuously monitoring third-party risk.

Election Systems & Software Exposed 1.8M Chicago Voters

🔓The database of Omaha-based voting machine vendor Election Systems & Software was left publicly accessible on an Amazon S3 bucket, exposing records for 1.864 million Chicago voters. The exposed MSSQL backups included names, addresses, dates of birth, phone numbers, driver’s license numbers and the last four digits of Social Security numbers. UpGuard discovered the open bucket on Aug 11, 2017 and notified ES&S, which closed access the next day.

Medcall S3 Misconfiguration Exposed Medical Records

🔓 UpGuard disclosed that an unsecured Medcall Healthcare Advisors Amazon S3 bucket exposed roughly 7 GB of sensitive information, including PDF intake forms, CSV files containing full Social Security numbers, and 715 recorded patient-doctor and operator calls. The bucket was publicly readable and writable with an 'Everyone - Full Control' ACL and was taken offline after UpGuard notified Medcall. The case underscores the danger of vendor misconfiguration and third-party exposure of protected health information.