Blog Posts
Invoicing and Billing Platform Exposed Nearly 180 Thousand Records Containing PII and Payment Information
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained nearly 180k files. These included invoices, images of checks and banking information, tax documents, and more. The publicly exposed database was not password-protected or encrypted. It contained 178,519 files in xlsx,...
Pet Insurance Provider Exposed PII of Humans and Pets in Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 158 GB of data. The data included pet insurance claims, veterinary bills, and customer communications that detailed names, physical and email addresses, phone numbers, and partial credit card numbers. The publicly...
Home Healthcare Provider Exposed Nearly 150,000 Records Containing Patient Health Information
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained approximately 145k files (totaling 23 GB). These included assessments, home health certifications, plan of care documents, discharge forms, and internal documents exposing PHI. The publicly exposed database was not...
Auto Insurance Platform Exposed Over 5 Million Records Including Documents Containing PII
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 5.1 million files totaling 10 TB. These included powers of attorney, vehicle registrations, estimates, repair invoices, and images of damaged vehicles with visible license plates and VIN numbers. The publicly exposed...
Gym Communications Platform Exposed 1.6 Million Calls and Voicemails Containing the PII of Top Fitness Centers Members
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 1.6 million audio files. These recordings included internal phone calls and messages that provided members' names, phone numbers, and other potentially sensitive information. The publicly exposed database was not...
Internal Backup Files of Credit Union Serving Armed Forces Exposed in Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 378 GB of backup data. The data contained references to the largest credit union serving military members and their families.The database held storage locations, keys, hashed passwords, and other internal potentially...
Nearly a Million Records, Including Identification Documents and Health Data Exposed in Medical Marijuana Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 957,434 records. The database belongs to an Ohio-based organization that helps individuals obtain physician‑certified medical marijuana cards. The database held PII, drivers licenses, medical records, documents containing...
Data Hygiene and Enhancement Service Exposed PII in Data Breach
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 38 GB of CSV and PDF files. Collectively, the exposed spreadsheets displayed hundreds of thousands of names, physical addresses, phone numbers, email addresses, and other potentially sensitive information. The publicly...
Over One Million Records Exposed in Data Breach Involving Adoption Agency
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 1,115,061 records. The database was associated with a well-known adoption agency, holding the names of children, birth parents, adopted parents, employees, leads, and other internal potentially sensitive...
Over 170k Records, Including PII Exposed in Real Estate Investment and Management Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 170,360 records. The database, which presumably belongs to a real estate management and investment company, held PII, SSNs, and other internal potentially sensitive information. The publicly exposed database was not...
Suspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 184 million login and password credentials. The publicly exposed database was not password-protected or encrypted. It contained 184,162,718 unique logins and passwords, totaling a massive 47.42 GB of raw credential data. In a...
Over 20 Thousand Medical Records With PII and Patient Info Exposed in Health Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 21,344 records. The publicly exposed database was not password-protected nor encrypted. It contained 21,344 records with a total size of 6.99 GB. The name of the database indicated that it was an FTP storage repository. In a...
Thousands of Driver’s Licenses, Bank Documents & PII Exposed in Australian Fintech Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 27,000 records belonging to Vroom by YouX — an Australia-based Fintech company that facilitates automotive financing. The publicly exposed Amazon S3 database was not password-protected or encrypted. It contained 27,000 records,...
Thousands of Records, Including PII, Exposed Online in Healthcare Marketplace Connecting Facilities and Nurses Data Leak
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained over 86,000 records belonging to ESHYFT — a New-Jersey-based HealthTech company that operates in 29 states. It offers a mobile app platform that connects healthcare facilities with healthcare workers, including Certified Nursing Assistants...
Nearly 1 Million Records Exposed In Multiple Airport Lost and Found Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 820,750 records belonging to Lost and Found Software — a Germany based company offering lost and found tracking and return services for multiple airports in the US, Canada, and Europe. I recently discovered a single publicly exposed...