Archive - The Hub of Stupi.. *misconfigs

Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn't

From dumps with no login credentials at all, to direct connections to txtbase leaks from Telegram and old breaches, Cybernews tried to pass this as new…

Jun 28 •

Forensic Lab With Links to Montana DOJ Leaks Phone Extracts

Multiple extracts for cases involving a cop suicide, homicides, CSAM and more were left publicly exposed.

Jun 22 •

Two Decades of Triangle Insurance Documents Exposed Publicly

The server was insecure for years, containing over 500,000 documents and decades worth of claims, email backups and more.

Jun 5 •

20,000 Files From Leroy Merlin Italian Branch Clients Exposed Publicly

The files exposed contained client ID and Tax cards, email backups and more. After notifying Leroymerlin.it the issue was quickly fixed.

Jun 3 •

May 2025

Worker's Identification Documents From the United Kingdom Exposed Publicly

The data was linked to a couple of companies owned by the Avidity Group. After my notification the issue was promptly resolved.

May 19 •

US Childcare Center Leaks Thousands of Children's Private Data

Mango's Place was storing documents online, from children and parents that used their center, with no authentication to access for years.

May 13 •

April 2025

US Adoption Center Gladney Leaks Millions of Records Related to Adoptions Publicly

Almost 2 million entries with really sensitive information was exposed publicly for at least a week.

Apr 21 •

Internal chat database for multiple US companies exposed publicly

Millions of chat messages and over 130,000 attachments exposing PII and PHI were public for over a month.

Apr 10 •

Direct Mail & Marketing Agency Exposes Data of Millions of People Publicly

Lists with private information on millions of people from dozens of SequelDM clients exposed publicly on a web server for months.

Apr 1 •

March 2025

All-in-One Platform GoHighLevel Exposed Attachments From Their Clients Publicly

Millions of files with all kinds of private information exposed. The data belonged to companies in multiple countries.

Mar 27 •

Billions of Infostealer Logs Exposed: How Web Hosts React to Abuse Complaints

I filed abuse complaints for multiple hosts and I'm sharing some of the struggles and what it took to close down over 4 billion records.

Mar 3 •

February 2025

Response to Teammate App's Notification and Disclosure

First they claimed they were impossible to hack. Then they claimed I hacked them. Both claims are factually inaccurate.

Feb 28 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts