The Hub of Stupi... *misconfigs Index
An index of everything I found and is public. The whole finds list is way bigger than this, finding it is pretty easy, closing them is another story though.
Everything in one place
You can check this index to see most of what I have found and has been posted either by me or someone I worked with.
You can click on any flag to go to a specific country, use the contents tab from Substack or you can just scroll through the post to see them all. ๐ง๐ฏ (1) ๐ง๐น (1) ๐ง๐ท (3) ๐จ๐ฑ (1) ๐จ๐ณ (1) ๐ซ๐ท (1) ๐ฉ๐ช (1) ๐ฎ๐ณ (6) ๐ฎ๐น (2) ๐ฒ๐พ (1) ๐ฒ๐ฝ (4) ๐ณ๐ฟ (2) ๐ณ๐ฌ (1) ๐ต๐ญ (1) ๐ช๐ธ (2) ๐น๐ญ (3) ๐บ๐ฆ (1) ๐ฌ๐ง (5) ๐บ๐ธ (15) ๐ช๐บ (1) ๐ (5) ๐ดโโ ๏ธ (2)
Servers containing hacked/illegal contents that I donโt think will fit on a specific country will be under the ๐ดโโ ๏ธ flag, any other server that isnโt hacked data and doesnโt fit in a specific country will be under ๐ช๐บ for Europe or ๐ for something worldwide.
Every incident will have some information about it and the link to the original post.
Any timeline of exposure is only what I personally verified unless stated otherwise, usually the day I first flagged it until the day I noticed it was closed.
Company disclosures will be listed next to the post link, if you find any disclosure that isnโt listed here you can reach out and Iโll update it.
๐ง๐ฏ Benin
Company: https://tresorbenin.bj
Timeline of exposure: Early June 2024 until July 1st 2024
Size: +4.7 million records
Post: https://infosec.exchange/@JayeLTee/112832149227172614๐ง๐น Bhutan
Company: https://www.drukasia.com
Timeline of exposure: August 2023 until June 1st 2024
Size: +23,000 files (+15,000 clients)
Post: https://infosec.exchange/@JayeLTee/113011342028424660๐ง๐ท Brazil
Company: https://mv.com.br
Timeline of exposure: Early 2023 until August 9th 2024
Size: +120 million medical docs
Post: https://infosec.exchange/@JayeLTee/112950688905543640Company: https://www.marilia.sp.gov.br
Timeline of exposure: April 6th 2024 until mid July 2024
Size: +43,000 files and SQL backups
Post: https://infosec.exchange/@JayeLTee/112970521193364853Company: https://acordoonline.com
Timeline of exposure: August 18th 2024 until September 3rd 2024
Size: +800GB (+40 million user records)
Post: https://infosec.exchange/@JayeLTee/113169852830957130๐จ๐ฑ Chile
Company: https://imed.cl
Timeline of exposure: June 30th 2024 until July 18th 2024
Size: +396,000 files
Post: https://newschu.substack.com/p/misconfigurations-capitulo-7-una๐จ๐ณ China
Company: n/a (Multiple companies scraped data)
Timeline of exposure: May 5th 2024 until May 10th 2024
Size: +1.2 Billion records
Post: https://infosec.exchange/@JayeLTee/112417378247579360๐ซ๐ท France
Company: n/a (Scraped of multiple breaches/datasets)
Timeline of exposure: September 17th 2024 until September 25th 2024
Size: +95 million records
Post: https://databreaches.net/2024/09/26/massive-french-citizens-data-leak-exposes-95-million-records/๐ฉ๐ช Germany
Company: https://www.fireplan.de (~400 Fire Depts using the software)
Timeline of exposure: February 2024 until October 22nd 2024
Size: n/a (Full amount not found, +100,000 files verified)
Post: https://jltee.substack.com/p/putting-out-virtual-fires-in-germany๐ฎ๐ณ India
Company: https://www.brandmidas.com
Timeline of exposure: May 10th 2023 until early September 2023
Size: +1.8 million files
Post: https://infosec.exchange/@JayeLTee/112230481339051013Company: https://www.asianpaints.com
Timeline of exposure: February 9th 2024 until April 8th 2024
Size: +2.4 million files
Post: https://infosec.exchange/@JayeLTee/112671529735316073Company: https://moneytor.in
Timeline of exposure: ~24 hours (June 21st 2024)
Size: +30 million records
Post: https://infosec.exchange/@JayeLTee/112689023815116231Company: https://www.kesari.in
Timeline of exposure: February 20th 2024 until June 4th 2024
Size: +120GB (+530,000 files)
Post: https://infosec.exchange/@JayeLTee/113006229000163028Company: https://www.hungama.com
Timeline of exposure: May 23rd 2024 until May 30th 2024
Size: +41.4 million records
Post: https://infosec.exchange/@JayeLTee/113075636340119294Company: https://www.skullcandy.in
Timeline of exposure: September 15th 2024 until January 27th 2025
Size: 157,468 users
Post: https://jltee.substack.com/p/skullcandyin-exposed-web-server-and-database-backups๐ฎ๐น Italy
Company: https://www.engled.it
Timeline of exposure: Early July 2024 until September 27th 2024
Size: +39.4GB (+45,900 files)
Post: https://infosec.exchange/@JayeLTee/113316396745115474
Company Disclosure: Link
Company: https://www.leroymerlin.it
Timeline of exposure: April 14th 2025 until May 2nd 2025
Size: 21,702 files
Post: https://jltee.substack.com/p/20000-files-from-leroy-merlin-italian-branch-clients-exposed-publicly๐ฒ๐พ Malaysia
Company: https://makna.org.my
Timeline of exposure: Early 2024 until April 30th 2024
Size: +16TB
Post: https://infosec.exchange/@JayeLTee/112445414529780600๐ฒ๐ฝ Mexico
Company: https://www.bancoazteca.com.mx
Timeline of exposure: February 2022 until November 20th 2024
Size: +1.9TB (12.5m credit request related documents)
Post: https://jltee.substack.com/p/bancoaztecacommx-banco-aztecaCompany: https://www.cargamos.com
Timeline of exposure: July 2023 until December 18th 2024
Size: +6,000,000 files
Post: https://www.publimetro.com.mx/noticias/2024/12/16/start-up-mexicana-deja-a-merced-de-hackers-6-millones-de-archivos-de-clientes-y-repartidoresCompany: https://www.pazmental.mx
Timeline of exposure: September 15th 2024 until -
Size: +136,500 files
Post: https://www.publimetro.com.mx/noticias/2025/02/04/expuestos-miles-de-expedientes-medicos-de-adultos-mayores-en-mexico-al-alcance-de-hackersCompany: https://tec.mx
Timeline of exposure: October 21st 2024 until January 14th 2025
Size: 161,042 files(105.24GB)
Post: https://jltee.substack.com/p/server-from-university-tecmx-exposed-publicly๐ณ๐ฟ New Zealand
Company: https://newfold.com
Timeline of exposure: 27th February 2024 until June 19th 2024
Size: +100,000 users
Post: https://jltee.substack.com/p/risk-a-ban-by-alerting-100000-peopleCompany: https://teammateapp.com
Timeline of exposure: December 3rd 2024 until February 15th 2025
Size: 16,474 users(3.8GB)
Post: https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security๐ณ๐ฌ Nigeria
Company: https://bestfin.com.ng
Timeline of exposure: August 5th 2024 until August 8th 2024
Size: +300GB (600,000 BVN verifications)
Post: https://infosec.exchange/@JayeLTee/112925887663325849๐ต๐ญ Philippines
Company: n/a
Timeline of exposure: August 4th 2024 until September 21st 2024
Size: +800 million records
Post: https://infosec.exchange/@JayeLTee/113303889998545592๐ช๐ธ Spain
Company: https://www.docudocu.com
Timeline of exposure: December 23rd 2023 until February 20th 2024
Size: +9 million files
Post: https://infosec.exchange/@JayeLTee/112473306551479219Company: https://www.camaramadrid.es
Timeline of exposure: January 2024 until August 16th 2024
Size: +36,000 files
Post: https://infosec.exchange/@JayeLTee/113355502887511074๐น๐ญ Thailand
Company: https://www.gogo-cargo.com
Timeline of exposure: December 2nd 2023 until early March 2024
Size: +100,000 files
Post: https://infosec.exchange/@JayeLTee/112380600532176461Company: n/a (Multiple Samut Sakhon Schools)
Timeline of exposure: May 28th 2024 until June 5th 2024
Size: +25,000 files (+2,400 students)
Post: https://infosec.exchange/@JayeLTee/112852839667899189Company: https://www.obec.go.th
Timeline of exposure: October 4th 2024 until December 24th 2024
Size: +438,000 records
Post: https://jltee.substack.com/p/over-400000-student-records-from-obec-exposed๐บ๐ฆ Ukraine
Company: https://slotclub.pro
Timeline of exposure: February 9th 2024 until February 23rd 2024
Size: +45,000 files
Post: https://infosec.exchange/@JayeLTee/112513481200206768๐ฌ๐ง United Kingdom
Company: https://vipvoip.co.uk
Timeline of exposure: April 23rd 2023 until May 2nd 2023
Size: +128GB (+2,500 customers)
Post: https://infosec.exchange/@JayeLTee/112330111551926578Company: https://www.teamlocum.co.uk
Timeline of exposure: April 25th 2023 until May 2nd 2023
Size: +100,000 files (+25,000 users)
Post: https://infosec.exchange/@JayeLTee/112314338606305845Company: https://hatchster.com
Timeline of exposure: Early 2019 until April 25th 2024
Size: +50 million records
Post: https://infosec.exchange/@JayeLTee/112530573090227056Company: https://assistsecurity.co.uk
Timeline of exposure: October 23rd 2024 until October 29th 2024
Size: 46.48 GB (124,035 files)
Post: https://jltee.substack.com/p/security-company-assist-security-exposed-dataCompany: https://www.experiencewave.com
Timeline of exposure: December 2023 until April 24th 2025
Size: 29,459 files
Post: https://jltee.substack.com/p/workers-identification-documents-from-uk-exposed-publicly๐บ๐ธ United States
Company: https://www.espmgmt.com
Timeline of exposure: February 9th 2024 until March 15th 2024
Size: +50TB of compressed backups (+3.5 million patients)
Post: https://databreaches.net/2024/04/03/no-need-to-hack-when-its-leaking-wednesday-edition-eyecare-services-partners-exposed-more-than-2-million-patients-ssn-researcher/Company: https://tabb.net
Timeline of exposure: February 15th 2024 until August 13th 2024
Size: +200,000 background check docs
Post: https://databreaches.net/2024/08/15/tabb-inc-security-gaffe-exposes-200000-background-check-files-for-more-than-six-months/
Company disclosure: Link (Relates to a single client disclosure)Company: MC2Data ( https://www.privaterecords.net )
Timeline of exposure: August 18th 2024 until August 20th 2024
Size: +1.5TB (+100 million records)
Post: https://infosec.exchange/@JayeLTee/113081021941257552Company: Budtrader.com (Defunct)
Timeline of exposure: June 27th 2024 until October 18th 2024
Size: 2,721,185 users
Post: https://infosec.exchange/@JayeLTee/113326973296935626Company: https://ppsfamily.com
Timeline of exposure: September 3rd 2024 until October 28th 2024
Size: +480,000 Probationers
Post: https://jltee.substack.com/p/ppsfamilycom-professional-probation-services-data-leakCompany: https://lcptracker.com
Timeline of exposure: July 12th 2024 until August 20th 2024
Size: 44,390,147 documents (8.72TB)
Post: https://jltee.substack.com/p/lcptrackercom-lcptracker-inc-security
Disclosure: LinkCompany: https://www.expresspros.com
Timeline of exposure: October 21st 2024 until November 18th 2024
Size: +2 Million users
Post: https://jltee.substack.com/p/expressproscom-express-employment-internationalCompany: https://roomster.com
Timeline of exposure: Mid 2022 until December 2024
Size: +320,000 files(Mostly US ID files)
Post: https://jltee.substack.com/p/share-a-house-and-maybe-your-id-as-wellCompany: https://www.orthominds.com
Timeline of exposure: October 23rd 2024 until November 26th 2024
Size: +1.8TB (300+ DB backups, +200,000 patients)
Post: https://jltee.substack.com/p/dental-software-company-exposes-300-database-backupsCompany: https://www.sequeldm.com
Timeline of exposure: November 24th 2024 until March 13th 2025
Size: UNK (+1m people)
Post: https://jltee.substack.com/p/direct-mail-marketing-agency-exposes-data-of-millions-of-people-publiclyCompany: https://www.grmtech.com
Timeline of exposure: January 1st 2025 until February 4th 2025
Size: +6 million chat messages, +130,000 files
Post: https://jltee.substack.com/p/internal-chat-database-for-multiple-us-companies-exposedCompany: https://adoptionsbygladney.com
Timeline of Exposure: April 1st 2025 until April 7th 2025
Size: 1,930,615 records (5GB)
Post: https://jltee.substack.com/p/us-adoption-center-gladney-leaks-millions-of-recordsCompany: https://www.mangosplace.com
Timeline of exposure: July 2021 until April 25th 2025
Size: 25,713 files
Post: https://jltee.substack.com/p/us-childcare-center-leaks-thousands-of-childrens-private-dataCompany: https://www.triangleins.com
Timeline of exposure: July 2021 until May 13th 2025
Size: 571,623 files
Post: https://jltee.substack.com/p/two-decades-of-triangle-insurance-documents-exposedCompany: State Forensic Lab in Montana
Timeline of exposure: May 14th 2025 until June 17th 2025
Size: Over 5TB
Post: https://jltee.substack.com/p/forensic-lab-with-links-to-montana-doj-leaks-phone-extracts๐ช๐บ Europe
Company: myHyundai for dealer App - Link
Timeline of exposure: October 23rd 2024 until October 30th 2024
Size: 25,637 files (21.65GB)
Post: https://jltee.substack.com/p/myhyundai-for-dealer-app-misconfiguration๐ World
Company: https://www.pulsesolutions.com
Timeline of exposure: September 23rd 2023 until February 27th 2024
Size: n/a (Multiple DBs exposed from their clients)
Post: https://infosec.exchange/@JayeLTee/112358843322393535Company: https://www.who.int
Timeline of exposure: February 9th 2024 until early July 2024
Size: +22GB (+4700 users)
Post: https://infosec.exchange/@JayeLTee/112790613804513623Company: https://www.mygiftcardsupply.com
Timeline of exposure: October 21st 2024 until January 1st 2025
Size: +600,000 files (~200,000 people KYC docs)
Post: https://techcrunch.com/2025/01/03/online-gift-card-store-exposed-hundreds-of-thousands-of-peoples-identity-documentsCompany: https://www.bdatrip.com
Timeline of exposure: December 2023 until 21st December 2024
Size: +1,000,000 files
Post: https://jltee.substack.com/p/tour-provider-bdatrip-exposes-over-1-million-pii-filesCompany: https://www.gohighlevel.com
Timeline of exposure: July 2023 until 13th February 2025
Size: 11.95TB (14,355,237 files)
Post: https://jltee.substack.com/p/all-in-one-platform-gohighlevel-exposed-attachments-from-clients๐ดโโ ๏ธ Hacked/Illegal
Content: Multiple US Breaches
Post: https://infosec.exchange/@JayeLTee/112712404038214723Content: 4 Billion Infostealer records, 6 servers closed.
Post: https://jltee.substack.com/p/billions-of-infostealer-logs-exposedYou can follow me at https://infosec.exchange/@JayeLTee to read me rambling about some of the things that happen while trying to fix exposures.