GriffOct 15
Dissent Doe  

NEW, by me, the one some of you have been asking about:

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records – DataBreaches.Net

In a special edition of “No need to hack when it’s leaking,” DataBreaches reports on a software vendor that, despite multiple attempts by multiple parties, cont

DataBreaches.Net
Oct 13 at 7:56pmWeb
Show threadDorothea SaloOct 13
@PogoWasRight Unfuckingbelievable. These people are 🤡 .
Show threadEm Oct 13
@PogoWasRight This is horrifying.
Show threadKzad_BhatOct 13
@Em0nM4stodon @PogoWasRight buckle up buttercup these folks are smarter than the average that the fascists are keeping on so its gonna get hella worse before better.
Show threadSolithaOct 14
@PogoWasRight This seems like something @ProPublica might be able to bring attention to.
Show threadDissent Doe  Oct 14
@solitha That would be great. I'd love for @ProPublica to pick this up and run with it.
Show threadSolithaOct 14

@PogoWasRight They have a tip link in their bio... drop them what you know and see if they pick it up. It's a pretty serious breach, and they tend to get gov't action on what they uncover.

@ProPublica

Show threadBoyd Stephen Smith Jr.Oct 14
@solitha @PogoWasRight If not them, then maybe @404mediaco might want to let their readers know.
Show threadLoyaltyCabinetOct 14
For those skimming the replies to check the name of the company, it's Software Unlimited Corp in Tupelo, Mississippi
Show threadChris BussardOct 15

@PogoWasRight @zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

Hey, try getting in contact with court administration in the affected jurisdictions. Even though it's not their vendor, they're going to care about the sealed stuff being open to the public, and possibly sic angry judges on someone over it.

Show threadDissent Doe  Oct 15

@cwbussard

We DID contact the court administration. We started with that -- including one email directly to a judge who had just issued a sealed order that was exposed.

And we know at least one court clerk forwarded the message to the state court security system, because they then contacted me. But then even they didn't follow up.

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

Show threadJason CooperOct 15

@PogoWasRight @zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs @north Added someone with experience in these matters. The legal software industry might as well be the poster child for security through obscurity. Court admins tend to get somewhat irate when you start asking questions or just ignore you. Developer pay in that segment is horrible and the court server/app admin pay is even worse. Companies like to pretend that the general public doesn't know the software exists. Oh and they all think you have no business questioning anything unless you're a member of the bar.

They say academia is an ivory tower but the legal profession can be much worse.

Show threadClaude FlammangOct 15
@PogoWasRight @zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
Really curious how the impacted courts did respond when confronted with the fact that their „confidential“ documents are freely accessible on the internet.
Show threadDissent Doe  Oct 15

@claude_flammang

For the most part, no replies at all.

I really hope some bigger news outlet or gov agency picks up this story and pursues it to get any exposed shares locked down and everyone investigated for their failures to detect the exposed shares and to respond to alerts from multiple parties.

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

Show threada1Oct 15
@PogoWasRight @zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs Holy Moly. That's unbearable.