Secure Thoughts collaborated with Security Expert Jeremiah Fowler to expose a massive leak of user information by a photo editing application. Here are his findings:

On October 15th I discovered a non-password-protected database that contained a large number of internal records. There was a total of more than 123 million records exposed that contained a combination of test and production data. The most disturbing part of the discovery was a massive collection of 13 million user records that included their names, email addresses, and user ID numbers in plain text.

Often it can take a very long time to research who is responsible for the exposed data and how to contact them. Many times companies or organizations will try to make their data anonymous or encrypt the records. I have discovered many records where I knew they contained something sensitive but couldn’t figure out who to report the findings to. In this particular case it was easy to find the owner of the database because all of the folders contained the name “Fotor”. Very quickly there was enough evidence in the data to trace it back to Fotor, a multi-platform photo editing tool.

I immediately sent a responsible disclosure notice of my findings. The following day I got a reply that my message was forwarded and someone would be getting back to me. Public access was restricted shortly after my notice. I received a follow-up email on October 19th and acknowledgment of my notification that said:

“As the trouble shooting by our technical guys are still ongoing, we assume that it may take a few days.