CYBER 101

  • Alerts
  • Blog
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Domains
  • FAQ
  • Incidents
  • Tutorials

Subscribe to our newsletter

FOLLOW US

No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
  • Jobs
  • Vendors
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
  • Jobs
  • Vendors
Get Help
CyberMaterial
Home Incidents

Database of the Cricketsocial.com platform left open online

January 6, 2023
Reading Time: 2 mins read
in Incidents

 

Cricketsocial.com, is a social platform developed for the cricket community online. CyberNews discovered that a database used by the platform was left open online, it contains a huge trove of data.

The Social platform for the cricket community exposed over 100k entries of private customer data and credentials.

The database, hosted by Amazon Web Services (AWS) in the US, contained admin credentials and private customer data, including email, phone numbers, names, hashed user passwords, dates of birth, and addresses.

The experts noticed that most of the records in the database seem to be test data, however, the experts discovered it also includes personally identifiable information (PII) of legitimate site users. The data stored in the database includes posts, comments, number of likes, and links to images kept on the AWS storage bucket.

“Even if all the information stored was test data, leaving data in plaintext is a poignant indication of bad security practices being employed. That creates unnecessary risks for unsound practices creeping into the production environment if left unchecked.” Cybernews researchers said.

The experts discovered the database also exposed plaintext credentials for a website administrator account, a piece of information that could allow an attacker to take over the platform.

The storage of passwords in plaintext is a bad practice that could advantage threat actors while targeting an infrastructure.

READ FULL ARTICLE

Tags: Cricketsocial.comCyberattacksData BreachData stolenincidentsIncidents 2023January 2023Personally Identifiable InformationSocial Media
1
VIEWS
ADVERTISEMENT

Related Posts

ICO Relaxes Breach Reporting for Comms Providers

ICO Relaxes Breach Reporting for Comms Providers

February 6, 2023
Tallahassee Memorial HealthCare has taken IT systems offline after cyberattack

Tallahassee Memorial HealthCare has taken IT systems offline after cyberattack

February 6, 2023
Microsoft attributes Charlie Hebdo data leak to Iran-linked NEPTUNIUM APT

Microsoft attributes Charlie Hebdo data leak to Iran-linked NEPTUNIUM APT

February 6, 2023
Data breach at Vice Media involved SSNs, financial info

Data breach at Vice Media involved SSNs, financial info

February 6, 2023

More Articles

Hacktivists

January 19, 2022
Alerts

Ubuntu security advisory (AV22-523)

September 20, 2022
Incidents

Killnet hit Latvia with biggest cyberattack in its history

July 11, 2022
Alerts

Mozilla Security Advisory

October 5, 2021

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.