#misconfiguration

Hackread.com<p>Over 3.5 million customer records from Australian global fashion brand <a href="https://mstdn.social/tags/SABO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SABO</span></a> were exposed online in a database of over 292GB without any security authentication or encryption.</p><p>🔗 <a href="https://hackread.com/global-fashion-label-sabo-customer-records-leaked" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/global-fashion-la</span><span class="invisible">bel-sabo-customer-records-leaked</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://mstdn.social/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a> <a href="https://mstdn.social/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a> <a href="https://mstdn.social/tags/Misconfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Misconfiguration</span></a></p>
Dissent Doe :cupofcoffee:<p>In August 2020, <span class="h-card" translate="no"><a href="https://infosec.exchange/@SchizoDuckie" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>SchizoDuckie</span></a></span> and I published what was to become the first of a series of articles or posts called "No Need to Hack When It's Leaking."</p><p>In today's installment, I bring you "No Need to Hack When It's Leaking: Brandt Kettwick Defense Edition." It chronicles efforts by <span class="h-card" translate="no"><a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>JayeLTee</span></a></span>, <span class="h-card" translate="no"><a href="https://infosec.exchange/@masek" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>masek</span></a></span>, and me to alert a Minnesota law firm to lock down their exposed files, some of which were quite sensitive.</p><p>Read the post and see how even the state's Bureau of Criminal Apprehension had trouble getting this law firm to respond appropriately. </p><p><a href="https://databreaches.net/2025/07/04/no-need-to-hack-when-its-leaking-brandt-kettwick-defense-edition/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/07/04/no</span><span class="invisible">-need-to-hack-when-its-leaking-brandt-kettwick-defense-edition/</span></a></p><p>Great thanks to the Minnesota Bureau of Criminal Apprehension for their help on this one, and to <span class="h-card" translate="no"><a href="https://infosec.exchange/@TonyYarusso" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>TonyYarusso</span></a></span> and <span class="h-card" translate="no"><a href="https://hachyderm.io/@bkoehn" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bkoehn</span></a></span> for their efforts. 
</p><p><a href="https://infosec.exchange/tags/dataleak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataleak</span></a> <a href="https://infosec.exchange/tags/misconfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>misconfiguration</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incidentresponse</span></a> <a href="https://infosec.exchange/tags/incidentmanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incidentmanagement</span></a> <a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/securityalert" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityalert</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Hackread.com<p>🚨 A massive 1.17TB unprotected database from IoT grow light company Mars Hydro has exposed billions of records, including Wi-Fi passwords, IPs, device IDs and more. 🔓</p><p>Read: <a href="https://hackread.com/1tb-data-leak-expose-billions-iot-grow-light-records/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/1tb-data-leak-exp</span><span class="invisible">ose-billions-iot-grow-light-records/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/IoT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IoT</span></a> <a href="https://mstdn.social/tags/Misconfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Misconfiguration</span></a> <a href="https://mstdn.social/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a></p>
Dissent Doe :cupofcoffee:<p>About two hours after I posted our article on <a href="https://infosec.exchange/tags/KillSec3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KillSec3</span></a> trying to extort its victims using publicly leaked data, there was a <a href="https://infosec.exchange/tags/DDoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DDoS</span></a> attack on my site.</p><p>Gosh, it must be just a coincidence, right? 🤔 </p><p>If you didn't read the post yet, you can read it here:</p><p><a href="https://databreaches.net/2024/12/08/is-killsec3-trying-to-extort-victims-using-publicly-leaked-data/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2024/12/08/is</span><span class="invisible">-killsec3-trying-to-extort-victims-using-publicly-leaked-data/</span></a></p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scam</span></a> <a href="https://infosec.exchange/tags/fraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fraud</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/misconfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>misconfiguration</span></a> <a href="https://infosec.exchange/tags/exposed_data" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>exposed_data</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>JayeLTee</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@chum1ng0" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>chum1ng0</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@bucketchallenge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bucketchallenge</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@amvinfe" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>amvinfe</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@lawrenceabrams" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lawrenceabrams</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>briankrebs</span></a></span></p>
Dissent Doe :cupofcoffee:<p>Bolton Walk-In Clinic in Ontario: lock down your backup already!</p><p>DataBreaches hates reporting on an incident when the entity has not yet secured misconfigured storage, but after four months of futile efforts to get a Canadian clinic to respond to responsible disclosures, maybe publication will help get them off the dime.</p><p>Do any personal injury lawyers in Ontario, Canada, or folks in the Information and Privacy Commissioner of Ontario follow me? Maybe they can get something done. </p><p>Read more at: <br><a href="https://databreaches.net/2024/12/03/bolton-walk-in-clinic-in-ontario-lock-down-your-backup-already/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2024/12/03/bo</span><span class="invisible">lton-walk-in-clinic-in-ontario-lock-down-your-backup-already/</span></a></p><p><a href="https://infosec.exchange/tags/misconfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>misconfiguration</span></a> <a href="https://infosec.exchange/tags/error" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>error</span></a> <a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>healthsec</span></a> <a href="https://infosec.exchange/tags/dataleak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataleak</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/exposure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exposure</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incidentresponse</span></a> <br><a href="https://infosec.exchange/tags/DontCallMeHoney" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DontCallMeHoney</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brett</span></a></span></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>JayeLTee</span></a></span> This is why sometimes it's not enough to just disclose responsibly to an entity. Did you let the data protection regulator know that although the entity is claiming a 4-day exposure window, your research found it was almost a year? And did you tell the data protection regulator that the entity is reportedly telling some departments that their data was not exposed, when you found clear proof that it was? </p><p><span class="h-card" translate="no"><a href="https://xn--baw-joa.social/@lfdi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lfdi</span></a></span> </p><p><a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/transparency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>transparency</span></a> <a href="https://infosec.exchange/tags/accountability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>accountability</span></a> <a href="https://infosec.exchange/tags/dataprotection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataprotection</span></a> <a href="https://infosec.exchange/tags/misconfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>misconfiguration</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Scary" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Scary</span></a></span> Nice to see you here! Hope to see you posting/sharing more of your research. </p><p>When you say Alltech was flagged around 11 times before closing, what exactly do you mean by that? </p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/misconfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>misconfiguration</span></a> <a href="https://infosec.exchange/tags/leak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>leak</span></a></p>