Secure Thoughts collaborated with Security Expert Jeremiah Fowler to expose a massive leak of user information by a photo editing application. Here are his findings:

On October 15th I discovered a non-password protected database that contained a large number of internal records. There was a total of more than 123 million records exposed that contained a combination of test and production data. The most disturbing part of the discovery was a massive collection of 13 million user records that included their names, email addresses, and user ID numbers in plain text.

Often it can take a very long time to research who is responsible for the exposed data and how to contact them. Many times companies or organizations will try to make their data anonymous or encrypt the records. I have discovered many records where I knew they contained something sensitive but couldn’t figure out who to report the findings to. In this particular case it was easy to find the owner of the database because all of the folders contained the name “Fotor”. Very quickly there was enough evidence in the data to trace it back to Fotor, a multi-platform photo editing tool.

I immediately sent a responsible disclosure notice of my findings. The following day I got a reply that my message was forwarded and someone would be getting back to me. Public access was restricted shortly after my notice. I received a follow-up email on October 19th and acknowledgment of my notification that said:

“As the trouble shooting by our technical guys are still ongoing, we assume that it may take a few days. Meanwhile, in order to express our appreciation to your alert in a timely manner, we’d like to offer each of you a redeem code for an annual subscription (the 39.99 USD package) of Fotor website service. You are free to either subscribe yourself or send it to a friend”.

It is always good to see a company that values data security and online privacy, and understands that bug bounties or discovery rewards are a common practice. Having a bug bounty or reward program is a common-sense solution to have outside eyes on your network and it is how many security researchers fund their work. This is the first time someone has offered me a free subscription for a service that has just exposed the inner workings of their business, internal network data, and user data online as a reply to my responsible disclosure notification.

The Risk of This Exposure

Data exposures happen to companies big and small and users often have no control over how their data is collected or stored. I am not implying that their users are in imminent danger, but there are real risks to their online privacy. When you use an app or service it creates a relationship of trust with that company.