Blog Posts
Marketing and Email Data Platform Exposed Over 40 Billion Records Online
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained approximately 40 billion records (totaling 13 TB). These included bank notifications, employment-related messages, account verification emails, and marketing messages. The publicly exposed database was not...
Invoicing and Billing Platform Exposed Nearly 180 Thousand Records Containing PII and Payment Information
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained nearly 180k files. These included invoices, images of checks and banking information, tax documents, and more. The publicly exposed database was not password-protected or encrypted. It contained 178,519 files in xlsx,...
Home Healthcare Provider Exposed Nearly 150,000 Records Containing Patient Health Information
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained approximately 145k files (totaling 23 GB). These included assessments, home health certifications, plan of care documents, discharge forms, and internal documents exposing PHI. The publicly exposed database was not...
Auto Insurance Platform Exposed Over 5 Million Records Including Documents Containing PII
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 5.1 million files totaling 10 TB. These included powers of attorney, vehicle registrations, estimates, repair invoices, and images of damaged vehicles with visible license plates and VIN numbers. The publicly exposed...
Gym Communications Platform Exposed 1.6 Million Calls and Voicemails Containing the PII of Top Fitness Centers Members
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 1.6 million audio files. These recordings included internal phone calls and messages that provided members' names, phone numbers, and other potentially sensitive information. The publicly exposed database was not...
Internal Backup Files of Credit Union Serving Armed Forces Exposed in Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 378 GB of backup data. The data contained references to the largest credit union serving military members and their families.The database held storage locations, keys, hashed passwords, and other internal potentially...
Nearly a Million Records, Including Identification Documents and Health Data Exposed in Medical Marijuana Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 957,434 records. The database belongs to an Ohio-based organization that helps individuals obtain physician‑certified medical marijuana cards. The database held PII, drivers licenses, medical records, documents containing...
Data Hygiene and Enhancement Service Exposed PII in Data Breach
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 38 GB of CSV and PDF files. Collectively, the exposed spreadsheets displayed hundreds of thousands of names, physical addresses, phone numbers, email addresses, and other potentially sensitive information. The publicly...
Over 170k Records, Including PII Exposed in Real Estate Investment and Management Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 170,360 records. The database, which presumably belongs to a real estate management and investment company, held PII, SSNs, and other internal potentially sensitive information. The publicly exposed database was not...
Suspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 184 million login and password credentials. The publicly exposed database was not password-protected or encrypted. It contained 184,162,718 unique logins and passwords, totaling a massive 47.42 GB of raw credential data. In a...
Thousands of Driver’s Licenses, Bank Documents & PII Exposed in Australian Fintech Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 27,000 records belonging to Vroom by YouX — an Australia-based Fintech company that facilitates automotive financing. The publicly exposed Amazon S3 database was not password-protected or encrypted. It contained 27,000 records,...
Nearly 1 Million Records Exposed In Multiple Airport Lost and Found Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 820,750 records belonging to Lost and Found Software — a Germany based company offering lost and found tracking and return services for multiple airports in the US, Canada, and Europe. I recently discovered a single publicly exposed...
Hundreds of Thousands of Records Exposed Online in FinTech Bill Pay Platform Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained over 240,000 records belonging to Willow Pays — a payment software company offering AI software solutions to allow users to finance bills and other payments. The publicly exposed database was not password-protected or encrypted. It...
One of the Biggest Website Hosting Providers, DreamHost, Leaked 814 Million Records Online Including Customer Data
A database owned by DreamHost, DreamPress managed WordPress hosting, was publically accessible online. 3 Years of DreamPress Customer and User Data Exposed Online On April 16th, 2021 security researcher Jeremiah Fowler together with the Website Planet research team discovered a non-password protected database that contained just under one billion records. The exposed...
Over 600,000 Records, Including Background Checks, Vehicle, and Property Records Exposed Online by an Information Service Provider
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained more than 600K records belonging to SL Data Services/Propertyrec — an information research provider that offers real estate ownership data and criminal records search information. The publicly exposed database was not...