Blog Posts
Gym Communications Platform Exposed 1.6 Million Calls and Voicemails Containing the PII of Top Fitness Centers Members
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 1.6 million audio files. These recordings included internal phone calls and messages that provided members' names, phone numbers, and other potentially sensitive information. The publicly exposed database was not...
Internal Backup Files of Credit Union Serving Armed Forces Exposed in Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 378 GB of backup data. The data contained references to the largest credit union serving military members and their families.The database held storage locations, keys, hashed passwords, and other internal potentially...
Nearly a Million Records, Including Identification Documents and Health Data Exposed in Medical Marijuana Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 957,434 records. The database belongs to an Ohio-based organization that helps individuals obtain physician‑certified medical marijuana cards. The database held PII, drivers licenses, medical records, documents containing...
Data Hygiene and Enhancement Service Exposed PII in Data Breach
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 38 GB of CSV and PDF files. Collectively, the exposed spreadsheets displayed hundreds of thousands of names, physical addresses, phone numbers, email addresses, and other potentially sensitive information. The publicly...
Over One Million Records Exposed in Data Breach Involving Adoption Agency
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 1,115,061 records. The database was associated with a well-known adoption agency, holding the names of children, birth parents, adopted parents, employees, leads, and other internal potentially sensitive...
Over 170k Records, Including PII Exposed in Real Estate Investment and Management Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 170,360 records. The database, which presumably belongs to a real estate management and investment company, held PII, SSNs, and other internal potentially sensitive information. The publicly exposed database was not...
Suspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 184 million login and password credentials. The publicly exposed database was not password-protected or encrypted. It contained 184,162,718 unique logins and passwords, totaling a massive 47.42 GB of raw credential data. In a...
Over 20 Thousand Medical Records With PII and Patient Info Exposed in Health Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 21,344 records. The publicly exposed database was not password-protected nor encrypted. It contained 21,344 records with a total size of 6.99 GB. The name of the database indicated that it was an FTP storage repository. In a...
Thousands of Driver’s Licenses, Bank Documents & PII Exposed in Australian Fintech Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 27,000 records belonging to Vroom by YouX — an Australia-based Fintech company that facilitates automotive financing. The publicly exposed Amazon S3 database was not password-protected or encrypted. It contained 27,000 records,...
Thousands of Records, Including PII, Exposed Online in Healthcare Marketplace Connecting Facilities and Nurses Data Leak
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained over 86,000 records belonging to ESHYFT — a New-Jersey-based HealthTech company that operates in 29 states. It offers a mobile app platform that connects healthcare facilities with healthcare workers, including Certified Nursing Assistants...
Nearly 1 Million Records Exposed In Multiple Airport Lost and Found Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 820,750 records belonging to Lost and Found Software — a Germany based company offering lost and found tracking and return services for multiple airports in the US, Canada, and Europe. I recently discovered a single publicly exposed...
1.6 Million Clinical Research Records With PII and Patient Medical Info Exposed in Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained over 1.6 million records belonging to DM Clinical Research — a Texas-based network of clinical trial sites that partners with pharmaceutical companies and medical organizations to conduct research studies and surveys. The publicly...
Hundreds of Thousands of Records Exposed Online in FinTech Bill Pay Platform Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained over 240,000 records belonging to Willow Pays — a payment software company offering AI software solutions to allow users to finance bills and other payments. The publicly exposed database was not password-protected or encrypted. It...
One of the Biggest Website Hosting Providers, DreamHost, Leaked 814 Million Records Online Including Customer Data
A database owned by DreamHost, DreamPress managed WordPress hosting, was publically accessible online. 3 Years of DreamPress Customer and User Data Exposed Online On April 16th, 2021 security researcher Jeremiah Fowler together with the Website Planet research team discovered a non-password protected database that contained just under one billion records. The exposed...
Development Platform Builder.ai Exposed Over 1.2 TB of Data Containing More Than 3 Million Records
Cybersecurity researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained more than 3 million records belonging to Builder.ai — a London-based company offering AI software and app development solutions without any technical knowledge or coding skills. The publicly exposed database was not...