• Social platform for US and UK military may have exposed over a mi

    From TechnologyDaily@1337:1/100 to All on Thursday, November 21, 2024 13:30:05
    Social platform for US and UK military may have exposed over a million records

    Date:
    Thu, 21 Nov 2024 13:01:00 +0000

    Description:
    Armed forces members could be subject to identity theft attacks and extortion after exposed database was discovered.

    FULL STORY ======================================================================An exposed database of UK and US military personnel has been found The database contained over 1 million records and sensitive PII The database has since
    been restricted, but it is not known how long it was exposed

    A top cybersecurity researcher has uncovered an unprotected online database containing sensitive PII and data for members of the US and UK armed forces.

    Jeremiah Fowler's writeup, shared with VPNMentor , outlines how the database belonged to Forces Penpals, a dating and social networking service for
    members of the armed forces, and contained 1,187,296 records.

    Much of the data apparently included full names, addresses, social security numbers of US personnel, National Insurance Numbers and Service Numbers of UK personnel, along with rank, branch of service, dates, and locations of military service members. Armed forces data left exposed

    The database was discovered by Fowler without encryption or password protection, meaning that the database could have been accessed by anyone with an internet connection.

    Fowler notified Forces Penpals about the exposure, and the database was protected the following day, however it is not known how long the database
    was exposed for, with Fowler noting that, Only an internal forensic audit could identify additional access or potentially suspicious activity.

    Forces Penpals, which claims to have over 290,000 members, both civilian and military, replied to the exposure notice, and provided an explanation, Thank you for contacting us. It is much appreciated. Looks like there was a coding error where the documents were going to the wrong bucket and directory
    listing was turned on for debugging and never turned off. The photos are public anyway so that's not an issue, but the documents certainly should not be public.

    The level of detail contained within some of the documents would provide a malicious user with enough information to launch an identity theft or social engineering campaign against exposed users.

    Additionally, Fowler says, some of the exposed data contained within the database, such as ranks, levels of security clearance, and locations, could have national security implications.

    Earlier this year, Chinese state-sponsored threat actors reportedly breached
    a third-party contractor for the UK Ministry of Defense and accessed the data of armed forces personnel, with a similar attack attempting to steal records of ex-RAF pilots also attributed to Chinese state-sponsored groups. You might also like These are the best people search finders around today And take a look at the best antivirus to keep your data safe Dangerous global botnet fueling residential proxies is being hit in major crackdown



    ======================================================================
    Link to news story: https://www.techradar.com/pro/social-platform-for-us-and-uk-military-may-have- exposed-over-a-million-records


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)