One other safety lapse has breached customers’ privateness because the researchers found an unsecured database. This incident associated to the Theta360 breach, the place the agency leaked thousands and thousands of customers’ pictures from their database.
Theta360 Breach Uncovered Customers’ Images
The hacktivists duo from VPNMentor, Noam Rotem and Ran Locar, come throughout one other unprotected database leaking person information. This time, they unveil the Theta360 breach, reporting how the agency uncovered customers’ pictures by way of an unsecured database.
As acknowledged in a blog post, the leaky database uncovered at the very least 11 million personal and public pictures of the customers.
We might entry greater than 11 million unencrypted posts from Theta360’s database.
Whereas the leaked data didn’t embody some other private information, it did embody the customers’ names and captions. Exactly, the breached particulars included names, usernames, UUID (Common Distinctive Identifier) of each {photograph}, caption, and privateness settings. Anybody gaining access to the database might use these particulars to seek out extra in regards to the customers. Because the researchers acknowledged,
By inserting the UUID of the photographs into the Elasticsearch database, we might entry any uncovered photographs. In some circumstances, we might simply join the usernames within the database to the person’s social media account… Moreover, utilizing the identical strategies, we might entry photographs from customers’ personal profiles.
In addition to, they might additionally view the ‘unlisted’ person profiles and associated personal photographs.
Database Now Closed
The researchers discovered the uncovered Theta 360 database on Might 14, 2019. The very subsequent day, they knowledgeable the agency of the breach. Theta360 promptly responded to their report. Consequently, the database went offline on Might 16, 2019. The researchers duly respect the agency’s promptness in dealing with the matter – one thing not quite common to companies.
Not too long ago, the duo had additionally reported the security lapse at Freedom Mobile. That point, the agency left 5 million information uncovered on the unprotected database.
