Millions of sensitive data points have been exposed on an unprotected server.
Security Discovery researcher, Bob Diachenko, discovered an Elastic database that was not password protected and thus visible on the internet. Further investigation revealed that the database belonged to Game Golf.
The compromised information included usernames, passwords, emails and Facebook login information as well as details on “134 million rounds of golf, 4.9 million user notifications and 19.2 million records in a folder called ‘activity feed’” said Jeremiah Fowler, a senior security researcher at Security Discovery.
It remains unclear how long the data was exposed and who may have had access to it. It was also identified that the database contained network information for the company including IP addresses, ports, pathways and storage information which cybercriminals could exploit to gain deeper access into the network.
“When combined this data could theoretically create a more complete profile of the user and adding additional privacy concerns. This incident once again raises this issue of how applications gather and store user data.”
“It is unclear if this data incident was reported to users who may have been affected or the California Attorney General’s Office.”
The database is no longer publicly accessible.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.