All news with #pii tag
Thu, July 10, 2025
Mass Facebook App Data Exposed in Two Third-Party Leaks
🔓 Two third-party Facebook app datasets were publicly exposed via misconfigured Amazon S3 buckets, including a 146 GB collection from Cultura Colectiva containing over 540 million records of comments, likes, reactions, account names and Facebook IDs. A separate backup from the At the Pool app contained fields such as fb_friends, fb_likes, fb_photos and plaintext passwords for roughly 22,000 users. UpGuard notified the app owners and AWS in January; the larger bucket was not secured until early April, after a media inquiry. These exposures highlight enduring risks from third-party access to platform data and misconfigured cloud storage.
Thu, July 10, 2025
Exposed rsync Server Leaks Oklahoma Securities Data
🔒 UpGuard discovered and secured a publicly accessible rsync server holding roughly three terabytes and millions of files belonging to the Oklahoma Department of Securities. The exposed content included personal records, large email archives, virtual machine images, investigative files, and administrative credentials that threatened the agency’s network integrity. UpGuard notified state personnel and public access was removed on December 8, 2018.
Thu, July 10, 2025
Exposure of Russian Telecom Infrastructure: MTS and Nokia
🔒 UpGuard secured a 1.7 TB repository that had been publicly accessible via an rsync server, containing schematics, administrative credentials, email archives, photographs, and installation materials tied to Russian telecommunications infrastructure. The dataset appears to primarily implicate Nokia and MTS, and includes detailed documentation for the SORM lawful-intercept system. UpGuard notified vendors and regulators and the files were taken offline after disclosure, though the exposure presented serious national security risks.
Thu, July 10, 2025
Pentagon Cloud Leak Exposes Billions of Scraped Posts Globally
🔒 UpGuard discovered three publicly accessible AWS S3 buckets—centcom-backup, centcom-archive, and pacom-archive—containing years of scraped internet content. The stores included at least 1.8 billion posts, Lucene search indexes, and developer configuration referencing VendorX, Outpost, and Coral. UpGuard notified the Defense Department, and access was subsequently secured.
Thu, July 10, 2025
The RNC Files: Largest US Voter Data Exposure Report
🔓 This UpGuard report describes a publicly accessible Amazon S3 data warehouse owned by Deep Root Analytics that contained 1.1 TB of unsecured files and linked datasets from Data Trust and TargetPoint. The exposed records included personally identifiable information for up to 198 million US voters alongside modeled political attributes and scoring. UpGuard discovered the bucket on June 12, 2017; Deep Root secured it after notification, and the report details discovery, contents, and implications for election data privacy.
Thu, July 10, 2025
Attunity S3 Buckets Exposed Internal Data and Credentials
🔒 An UpGuard researcher discovered three publicly accessible Amazon S3 buckets tied to Attunity (now part of Qlik) that contained a large collection of internal business documents and backups. The researcher sampled roughly one terabyte of data, including about 750 GB of compressed email backups, plus OneDrive backups, system credentials, private keys, and employee records. UpGuard notified the vendor on May 16, 2019, and public access to the buckets was removed the following day.
Thu, July 10, 2025
Accenture Cloud Buckets Exposed Sensitive Credentials
🔓 UpGuard disclosed that Accenture left four Amazon S3 buckets publicly accessible, exposing sensitive Accenture Cloud Platform data including API keys, certificates, plaintext passwords, and private keys. The buckets — labeled acp-deployment, acpcollector, acp-software, and acp-ssl — contained credentials, VPN keys, logs, and large database dumps that included client information. After discovery on September 17, 2017, UpGuard notified Accenture and the buckets were secured the following day. This incident underscores how misconfigured cloud storage can endanger both vendors and their customers.
Thu, July 10, 2025
Cloud Leak Exposes Millions of Dow Jones Customer Records
🔒 A cloud-based file repository owned by Dow Jones & Company was discovered publicly accessible, exposing sensitive subscriber and corporate intelligence data. The repository, an AWS S3 bucket configured to allow any AWS "authenticated user," contained names, addresses, emails, customer IDs and the last four digits of credit cards for millions of accounts. Dow Jones confirmed 2.2 million affected; UpGuard estimated the exposure could encompass up to four million records. The bucket was secured after discovery, but delayed notification reduced victims' ability to mitigate risk.
Thu, July 10, 2025
Exposed rsync Server Leaked Oklahoma Securities Data
🔓 UpGuard's Data Breach Research team discovered and secured a publicly accessible rsync storage server containing data belonging to the Oklahoma Department of Securities. The exposure included approximately 3 TB and millions of files spanning 1986–2016, including email archives, virtual machine images, system credentials, and personal records. UpGuard identified the host via Shodan and notified state officials, and public access was removed the same day.
Thu, July 10, 2025
Alteryx Cloud Leak: 123M U.S. Household Records Exposed
🔓 UpGuard discovered a publicly exposed AWS S3 repository tied to Alteryx that contained a 36 GB ConsumerView dataset from Experian alongside 2010 US Census data. The exposure included over 123 million U.S. household records with detailed demographics, financial indicators, and proprietary segmentation that increased risk of fraud and identity theft. After notification, Alteryx secured the bucket; UpGuard highlights vendor-risk management and continuous monitoring to prevent similar incidents.
Thu, July 10, 2025
Misconfigured rsync Leak Exposes One Million Education Leads
🔓 UpGuard's Cyber Risk Team discovered an exposed rsync repository tied to subsidiaries of Blue Chair LLC, including Target Direct Marketing, that revealed PII for over one million individuals seeking higher education information. The publicly accessible server included daily MySQL backups and website files, with names, emails, phone numbers and education-related lead fields. The exposure resulted from an rsync misconfiguration and highlights the need for strong vendor risk controls, data retention policies and restricted backup access.
Thu, July 10, 2025
Exposed Facebook User Data from Third-Party Apps Found
🔒 Two exposed third-party Facebook app datasets were discovered publicly accessible, including a 146 GB dump from Cultura Colectiva containing over 540 million records of comments, likes, reactions, account names and Facebook IDs. A separate At the Pool backup held profile fields and plaintext passwords for roughly 22,000 users. Both data sets resided in publicly readable Amazon S3 buckets, illustrating how misconfigured storage and long-lived third-party copies of user data create persistent leakage risk.
Thu, July 10, 2025
Alteryx Cloud Leak Exposes Data on 123M Households
🔒 UpGuard discovered an Amazon S3 bucket at the subdomain 'alteryxdownload' that was misconfigured to allow any AWS 'Authenticated Users' to download its contents. The repository included Alteryx software and a 36 GB ConsumerView dataset from Experian containing 123 million household records and 248 fields. A separate file held public 2010 US Census data. Alteryx secured the bucket after notification, underscoring vendor and cloud configuration risk.
Thu, July 10, 2025
Cloud Leak Exposes Millions of Dow Jones Customer Records
🔒 A cloud-based file repository owned by Dow Jones & Company was discovered publicly accessible, exposing sensitive personal and financial details for millions of customers. UpGuard researcher Chris Vickery located an AWS S3 bucket under the subdomain dj-skynet on May 30, 2017; Dow Jones secured the repository on June 6 after notification. Exposed material included names, addresses, account identifiers, login emails, the last four digits of credit cards, and 1.6 million entries tied to Dow Jones Risk and Compliance products, illustrating the dangers of cloud misconfiguration.
Thu, July 10, 2025
Data Warehouse Vendor Publicly Exposed a Terabyte of Backups
🔒 An UpGuard researcher discovered three publicly accessible Amazon S3 buckets tied to Attunity, a data integration vendor now part of Qlik. One bucket contained a sampled terabyte of backups, including roughly 750 GB of compressed email archives and OneDrive backups with system credentials, project documents, client lists, and employee PII. The researcher notified the vendor on May 16, 2019, and public access was removed the following day. The incident highlights how backup misconfigurations can expose credentials and sensitive corporate and customer data.
Thu, July 10, 2025
Massive CENTCOM/PACOM Cloud Leak Exposes Billions of Data
🔍 UpGuard discovered three publicly accessible Amazon S3 buckets associated with CENTCOM and PACOM that contained a vast corpus of scraped internet posts. One bucket alone held an estimated 1.8 billion records spanning 2009–2017, including news articles, forum threads, comment sections and social media posts. Configuration files and folders referenced a contractor, VendorX, and projects named Outpost and Coral, while Lucene indexes indicated the data was organized for search. UpGuard notified the Defense Department and the buckets were secured.
Thu, July 10, 2025
Exposure of RNC Voter Data from Deep Root Analytics
🔓 UpGuard’s Cyber Risk Team discovered a publicly accessible Amazon S3 bucket belonging to Deep Root Analytics that contained roughly 1.1 TB of voter-related data tied to an estimated 198 million U.S. voters. The exposed files referenced Republican contractors TargetPoint Consulting and Data Trust and included names, dates of birth, addresses, phone numbers, voter registration details, and billions of modeled attributes used for political microtargeting. After notification and federal involvement, the bucket was secured and public access was removed.
Fri, July 4, 2025
Task scams: Don't pay to get paid — warning for jobseekers
⚠️ Task scams are rising employment frauds that lure jobseekers with easy micro-tasks and visible “earnings,” then pressure victims to pay to unlock funds. The schemes use gamification, spoofed sites and messaging apps, often asking for cryptocurrency deposits or “level-up” fees. Victims see initial fake gains, then lose payments with no recourse. Always verify recruiters and never pay upfront.
Thu, July 3, 2025
Google Open-Sources ZKP Libraries for Age Assurance
🛡️ Google has open sourced its Zero-Knowledge Proof (ZKP) libraries to accelerate privacy-preserving digital ID and age-assurance solutions. Developed with Sparkasse, the release enables people to prove attributes (for example, that they are over 18) without sharing any other personal data. By making a performant ZKP codebase available, Google aims to help developers, researchers, businesses, and governments integrate privacy-first flows, including use cases for the European EUDI Wallet.
Fri, June 13, 2025
Secure Age Assurance for Europe and Global Internet
🔒 Google outlines a privacy-forward approach to online age assurance that emphasizes interoperability and targeted protections for children, teens, and parents. The post highlights the new Credential Manager API on Android, which enables sites and apps to request only necessary age information from trusted credential holders. Backed by zero-knowledge proofs, the system can verify age thresholds (for example, over 18) without exposing identity or additional personal data. Google urges standards development and cross-sector collaboration to extend and adopt this secure infrastructure.