JayeLTee

@JayeLTee@infosec.exchange

Independent Researcher monitoring exposed data online and alerting the owners of the exposures.
Information is provided upfront, for free; I do not charge or ask for any fees.

Interested in what I do? My PMs are open.

Substack: https://jltee.substack.com/
Index of my public finds: https://jltee.substack.com/p/the-hub-of-stupi-misconfigs-index
Contact: PM for Signal

PostMortem: Assumed DOJ Montana Leak of Phone Dumps

Type of leak

Highly confidential information on a public SMB share without authentication

Threats from the leak

I see the following threats:

  • Integrity and Confidentiality of investigations into serious crimes compromised
  • Privacy of U.S. citizens compromised (very likely to contain most intimate data)
  • Providing 3rd parties hostile to the U.S. with blackmail material

1/4

As much as I generally detest claims that something should be a wake-up call, @lawrenceabrams' response to @cybernews' "16 billion" story really should be a wake-up call for any news outlets who repeat any claims of discovered leaks or breaches by Cybernews.

See https://www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/

DataBreaches.net will no longer link to Cybernews unless there is some reliable source that confirms that their claims are accurate and that they are not just reporting on leaks that they haven't even seriously tried to get locked down before they report on it.

Comments:
https://databreaches.net/2025/06/20/no-the-16-billion-credentials-leak-is-not-a-new-data-breach-a-wake-up-call-about-fake-news/

#journalism #databreach #dataleak #infostealers #passwords #hype #clickbait #ethics

@GossiTheDog @JayeLTee @dangoodin @gcluley @brianhonan

No, the 16 billion credentials leak is not a new data breach

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.

BleepingComputer

Oh, and there are over 1 billion info-stealer records exposed at the moment between a couple of IPs. This is so common, I'm surprised this was even on the news in the last few weeks for a rather small server.

180 million is really on the low end of what usually shows up exposed. I've seen servers with over 3.5 billion logs running before being wiped by wiperware.

#cybersecurity #infosec #responsibledisclosure #threatintel #readyouremail

Some wild things I found exposed recently that I am actively trying to close down:

1) 🇺🇸 Criminal Defense firm with archived case files exposed (evidence, discovery, court docs, etc) includes crash reports with dead people - Contacted the Law firm last week and nothing done.

2) 🇺🇸 Phone extracts for multiple cases that have been on the news, including a case of a cop suicide, sexual abuse cases - Looking at who to notify about this one, being extra careful as the file listing suggests illegal stuff gathered as evidence might be exposed on it.

3) 🇳🇿 A database backup with a table that includes someone's diary, with a lot of entries about their sexual life.
This backup also includes ~1,500 logins for a police association on other tables and credentials to multiple companies & websites - Contacted higher-ups in the police association for help identifying who is responsible, but so far, no reply.

Just a few more servers to add to the list of dozens of pending cases. Will start escalating contacts until stuff gets fixed.

#cybersecurity #infosec #responsibledisclosure #threatintel #readyouremail

Out of the 68,000 endpoints I've scanned for this service, it seems at least 5,200 of them have been hit (at least 1 file with .want_to_cry ext).

Likely an automated script just encrypting whatever it can, and is currently still going. I saw endpoints encrypted less than 24 hours ago (see image).

#cybersecurity #threatintel #infosec #ransomware

The latest ransom note on the server (other notes have been encrypted by the group that came after 😂) claims the company can pay $400 to get their previously encrypted files. Sounds like a great deal to me.

#cybersecurity #threatintel #infosec #ransomware

"How many times has ransomware hit you?"

"Yes"

#cybersecurity #threatintel #infosec #ransomware

US insurance company Triangle Insurance had two decades' worth of files exposed publicly.

Over 500,000 files: Insurance claims, email backups, and more were exposed for years.

Special thanks to @PogoWasRight for helping on this one, as the company wasn't reading my notifications.

Read more about it here: https://jltee.substack.com/p/two-decades-of-triangle-insurance-documents-exposed

#cybersecurity #infosec #leak #dataleak #insurance #unitedstates #us #data #cloud #exposed #threatintel

Two Decades of Triangle Insurance Documents Exposed Publicly

The server was insecure for years, containing over 500,000 documents and decades worth of claims, email backups and more.

The Hub of Stupi.. *misconfigs

Found 20,000 ID & Tax cards, email backups, and more exposed publicly on a cloud storage server.

The server belonged to Leroy Merlin Italian Branch, which quickly fixed the issue after I notified them.

Read more about it here: https://jltee.substack.com/p/20000-files-from-leroy-merlin-italian-branch-clients-exposed-publicly

#cybersecurity #infosec #data #dataleak #leak #security #privacy #italy #italia #leroymerlin #cloud

20,000 Files From Leroy Merlin Italian Branch Clients Exposed Publicly

The files exposed contained client ID and Tax cards, email backups and more. After notifying Leroymerlin.it the issue was quickly fixed.

The Hub of Stupi.. *misconfigs

Does anyone in my circles have any contact at sistecredito (https://www.sistecredito.com/) in Colombia?

No matter what I do, they still seem to be leaking data on millions of customers to anyone on the Internet.

I have been unable to establish a bidirectional contact with them. I informed the CERT in Colombia and tried to alert other officials. So far with few results (but lots of work for me).

What do I see:

  • Letters of credit
  • Reports on the status of credits
  • Scans of ID cards

#sistecredito #colombia