The Hub of Stupi... *misconfigs Index
An index of everything I found and is public. The whole finds list is way bigger than this, finding it is pretty easy, closing them is another story though.
Everything in one place
You can check this index to see most of what I have found and has been posted either by me or someone I worked with.
You can click on any flag to go to a specific country, use the contents tab from Substack or you can just scroll through the post to see them all. 🇧🇯 (1) 🇧🇹 (1) 🇧🇷 (3) 🇨🇱 (1) 🇨🇳 (1) 🇫🇷 (1) 🇩🇪 (1) 🇮🇳 (6) 🇮🇹 (2) 🇲🇾 (1) 🇲🇽 (4) 🇳🇿 (2) 🇳🇬 (1) 🇵🇭 (1) 🇪🇸 (2) 🇹🇭 (3) 🇺🇦 (1) 🇬🇧 (5) 🇺🇸 (15) 🇪🇺 (1) 🌍 (5) 🏴☠️ (2)
Servers containing hacked/illegal contents that I don’t think will fit on a specific country will be under the 🏴☠️ flag, any other server that isn’t hacked data and doesn’t fit in a specific country will be under 🇪🇺 for Europe or 🌍 for something worldwide.
Every incident will have some information about it and the link to the original post.
Any timeline of exposure is only what I personally verified unless stated otherwise, usually the day I first flagged it until the day I noticed it was closed.
Company disclosures will be listed next to the post link, if you find any disclosure that isn’t listed here you can reach out and I’ll update it.
🇧🇯 Benin
Company: https://tresorbenin.bj
Timeline of exposure: Early June 2024 until July 1st 2024
Size: +4.7 million records
Post: https://infosec.exchange/@JayeLTee/112832149227172614🇧🇹 Bhutan
Company: https://www.drukasia.com
Timeline of exposure: August 2023 until June 1st 2024
Size: +23,000 files (+15,000 clients)
Post: https://infosec.exchange/@JayeLTee/113011342028424660🇧🇷 Brazil
Company: https://mv.com.br
Timeline of exposure: Early 2023 until August 9th 2024
Size: +120 million medical docs
Post: https://infosec.exchange/@JayeLTee/112950688905543640Company: https://www.marilia.sp.gov.br
Timeline of exposure: April 6th 2024 until mid July 2024
Size: +43,000 files and SQL backups
Post: https://infosec.exchange/@JayeLTee/112970521193364853Company: https://acordoonline.com
Timeline of exposure: August 18th 2024 until September 3rd 2024
Size: +800GB (+40 million user records)
Post: https://infosec.exchange/@JayeLTee/113169852830957130🇨🇱 Chile
Company: https://imed.cl
Timeline of exposure: June 30th 2024 until July 18th 2024
Size: +396,000 files
Post: https://newschu.substack.com/p/misconfigurations-capitulo-7-una🇨🇳 China
Company: n/a (Multiple companies scraped data)
Timeline of exposure: May 5th 2024 until May 10th 2024
Size: +1.2 Billion records
Post: https://infosec.exchange/@JayeLTee/112417378247579360🇫🇷 France
Company: n/a (Scraped of multiple breaches/datasets)
Timeline of exposure: September 17th 2024 until September 25th 2024
Size: +95 million records
Post: https://databreaches.net/2024/09/26/massive-french-citizens-data-leak-exposes-95-million-records/🇩🇪 Germany
Company: https://www.fireplan.de (~400 Fire Depts using the software)
Timeline of exposure: February 2024 until October 22nd 2024
Size: n/a (Full amount not found, +100,000 files verified)
Post: https://jltee.substack.com/p/putting-out-virtual-fires-in-germany🇮🇳 India
Company: https://www.brandmidas.com
Timeline of exposure: May 10th 2023 until early September 2023
Size: +1.8 million files
Post: https://infosec.exchange/@JayeLTee/112230481339051013Company: https://www.asianpaints.com
Timeline of exposure: February 9th 2024 until April 8th 2024
Size: +2.4 million files
Post: https://infosec.exchange/@JayeLTee/112671529735316073Company: https://moneytor.in
Timeline of exposure: ~24 hours (June 21st 2024)
Size: +30 million records
Post: https://infosec.exchange/@JayeLTee/112689023815116231Company: https://www.kesari.in
Timeline of exposure: February 20th 2024 until June 4th 2024
Size: +120GB (+530,000 files)
Post: https://infosec.exchange/@JayeLTee/113006229000163028Company: https://www.hungama.com
Timeline of exposure: May 23rd 2024 until May 30th 2024
Size: +41.4 million records
Post: https://infosec.exchange/@JayeLTee/113075636340119294Company: https://www.skullcandy.in
Timeline of exposure: September 15th 2024 until January 27th 2025
Size: 157,468 users
Post: https://jltee.substack.com/p/skullcandyin-exposed-web-server-and-database-backups🇮🇹 Italy
Company: https://www.engled.it
Timeline of exposure: Early July 2024 until September 27th 2024
Size: +39.4GB (+45,900 files)
Post: https://infosec.exchange/@JayeLTee/113316396745115474
Company Disclosure: Link
Company: https://www.leroymerlin.it
Timeline of exposure: April 14th 2025 until May 2nd 2025
Size: 21,702 files
Post: https://jltee.substack.com/p/20000-files-from-leroy-merlin-italian-branch-clients-exposed-publicly🇲🇾 Malaysia
Company: https://makna.org.my
Timeline of exposure: Early 2024 until April 30th 2024
Size: +16TB
Post: https://infosec.exchange/@JayeLTee/112445414529780600🇲🇽 Mexico
Company: https://www.bancoazteca.com.mx
Timeline of exposure: February 2022 until November 20th 2024
Size: +1.9TB (12.5m credit request related documents)
Post: https://jltee.substack.com/p/bancoaztecacommx-banco-aztecaCompany: https://www.cargamos.com
Timeline of exposure: July 2023 until December 18th 2024
Size: +6,000,000 files
Post: https://www.publimetro.com.mx/noticias/2024/12/16/start-up-mexicana-deja-a-merced-de-hackers-6-millones-de-archivos-de-clientes-y-repartidoresCompany: https://www.pazmental.mx
Timeline of exposure: September 15th 2024 until -
Size: +136,500 files
Post: https://www.publimetro.com.mx/noticias/2025/02/04/expuestos-miles-de-expedientes-medicos-de-adultos-mayores-en-mexico-al-alcance-de-hackersCompany: https://tec.mx
Timeline of exposure: October 21st 2024 until January 14th 2025
Size: 161,042 files(105.24GB)
Post: https://jltee.substack.com/p/server-from-university-tecmx-exposed-publicly🇳🇿 New Zealand
Company: https://newfold.com
Timeline of exposure: 27th February 2024 until June 19th 2024
Size: +100,000 users
Post: https://jltee.substack.com/p/risk-a-ban-by-alerting-100000-peopleCompany: https://teammateapp.com
Timeline of exposure: December 3rd 2024 until February 15th 2025
Size: 16,474 users(3.8GB)
Post: https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security🇳🇬 Nigeria
Company: https://bestfin.com.ng
Timeline of exposure: August 5th 2024 until August 8th 2024
Size: +300GB (600,000 BVN verifications)
Post: https://infosec.exchange/@JayeLTee/112925887663325849🇵🇭 Philippines
Company: n/a
Timeline of exposure: August 4th 2024 until September 21st 2024
Size: +800 million records
Post: https://infosec.exchange/@JayeLTee/113303889998545592🇪🇸 Spain
Company: https://www.docudocu.com
Timeline of exposure: December 23rd 2023 until February 20th 2024
Size: +9 million files
Post: https://infosec.exchange/@JayeLTee/112473306551479219Company: https://www.camaramadrid.es
Timeline of exposure: January 2024 until August 16th 2024
Size: +36,000 files
Post: https://infosec.exchange/@JayeLTee/113355502887511074🇹🇭 Thailand
Company: https://www.gogo-cargo.com
Timeline of exposure: December 2nd 2023 until early March 2024
Size: +100,000 files
Post: https://infosec.exchange/@JayeLTee/112380600532176461Company: n/a (Multiple Samut Sakhon Schools)
Timeline of exposure: May 28th 2024 until June 5th 2024
Size: +25,000 files (+2,400 students)
Post: https://infosec.exchange/@JayeLTee/112852839667899189Company: https://www.obec.go.th
Timeline of exposure: October 4th 2024 until December 24th 2024
Size: +438,000 records
Post: https://jltee.substack.com/p/over-400000-student-records-from-obec-exposed🇺🇦 Ukraine
Company: https://slotclub.pro
Timeline of exposure: February 9th 2024 until February 23rd 2024
Size: +45,000 files
Post: https://infosec.exchange/@JayeLTee/112513481200206768🇬🇧 United Kingdom
Company: https://vipvoip.co.uk
Timeline of exposure: April 23rd 2023 until May 2nd 2023
Size: +128GB (+2,500 customers)
Post: https://infosec.exchange/@JayeLTee/112330111551926578Company: https://www.teamlocum.co.uk
Timeline of exposure: April 25th 2023 until May 2nd 2023
Size: +100,000 files (+25,000 users)
Post: https://infosec.exchange/@JayeLTee/112314338606305845Company: https://hatchster.com
Timeline of exposure: Early 2019 until April 25th 2024
Size: +50 million records
Post: https://infosec.exchange/@JayeLTee/112530573090227056Company: https://assistsecurity.co.uk
Timeline of exposure: October 23rd 2024 until October 29th 2024
Size: 46.48 GB (124,035 files)
Post: https://jltee.substack.com/p/security-company-assist-security-exposed-dataCompany: https://www.experiencewave.com
Timeline of exposure: December 2023 until April 24th 2025
Size: 29,459 files
Post: https://jltee.substack.com/p/workers-identification-documents-from-uk-exposed-publicly🇺🇸 United States
Company: https://www.espmgmt.com
Timeline of exposure: February 9th 2024 until March 15th 2024
Size: +50TB of compressed backups (+3.5 million patients)
Post: https://databreaches.net/2024/04/03/no-need-to-hack-when-its-leaking-wednesday-edition-eyecare-services-partners-exposed-more-than-2-million-patients-ssn-researcher/Company: https://tabb.net
Timeline of exposure: February 15th 2024 until August 13th 2024
Size: +200,000 background check docs
Post: https://databreaches.net/2024/08/15/tabb-inc-security-gaffe-exposes-200000-background-check-files-for-more-than-six-months/
Company disclosure: Link (Relates to a single client disclosure)Company: MC2Data ( https://www.privaterecords.net )
Timeline of exposure: August 18th 2024 until August 20th 2024
Size: +1.5TB (+100 million records)
Post: https://infosec.exchange/@JayeLTee/113081021941257552Company: Budtrader.com (Defunct)
Timeline of exposure: June 27th 2024 until October 18th 2024
Size: 2,721,185 users
Post: https://infosec.exchange/@JayeLTee/113326973296935626Company: https://ppsfamily.com
Timeline of exposure: September 3rd 2024 until October 28th 2024
Size: +480,000 Probationers
Post: https://jltee.substack.com/p/ppsfamilycom-professional-probation-services-data-leakCompany: https://lcptracker.com
Timeline of exposure: July 12th 2024 until August 20th 2024
Size: 44,390,147 documents (8.72TB)
Post: https://jltee.substack.com/p/lcptrackercom-lcptracker-inc-security
Disclosure: LinkCompany: https://www.expresspros.com
Timeline of exposure: October 21st 2024 until November 18th 2024
Size: +2 Million users
Post: https://jltee.substack.com/p/expressproscom-express-employment-internationalCompany: https://roomster.com
Timeline of exposure: Mid 2022 until December 2024
Size: +320,000 files(Mostly US ID files)
Post: https://jltee.substack.com/p/share-a-house-and-maybe-your-id-as-wellCompany: https://www.orthominds.com
Timeline of exposure: October 23rd 2024 until November 26th 2024
Size: +1.8TB (300+ DB backups, +200,000 patients)
Post: https://jltee.substack.com/p/dental-software-company-exposes-300-database-backupsCompany: https://www.sequeldm.com
Timeline of exposure: November 24th 2024 until March 13th 2025
Size: UNK (+1m people)
Post: https://jltee.substack.com/p/direct-mail-marketing-agency-exposes-data-of-millions-of-people-publiclyCompany: https://www.grmtech.com
Timeline of exposure: January 1st 2025 until February 4th 2025
Size: +6 million chat messages, +130,000 files
Post: https://jltee.substack.com/p/internal-chat-database-for-multiple-us-companies-exposedCompany: https://adoptionsbygladney.com
Timeline of Exposure: April 1st 2025 until April 7th 2025
Size: 1,930,615 records (5GB)
Post: https://jltee.substack.com/p/us-adoption-center-gladney-leaks-millions-of-recordsCompany: https://www.mangosplace.com
Timeline of exposure: July 2021 until April 25th 2025
Size: 25,713 files
Post: https://jltee.substack.com/p/us-childcare-center-leaks-thousands-of-childrens-private-dataCompany: https://www.triangleins.com
Timeline of exposure: July 2021 until May 13th 2025
Size: 571,623 files
Post: https://jltee.substack.com/p/two-decades-of-triangle-insurance-documents-exposedCompany: State Forensic Lab in Montana
Timeline of exposure: May 14th 2025 until June 17th 2025
Size: Over 5TB
Post: https://jltee.substack.com/p/forensic-lab-with-links-to-montana-doj-leaks-phone-extracts🇪🇺 Europe
Company: myHyundai for dealer App - Link
Timeline of exposure: October 23rd 2024 until October 30th 2024
Size: 25,637 files (21.65GB)
Post: https://jltee.substack.com/p/myhyundai-for-dealer-app-misconfiguration🌍 World
Company: https://www.pulsesolutions.com
Timeline of exposure: September 23rd 2023 until February 27th 2024
Size: n/a (Multiple DBs exposed from their clients)
Post: https://infosec.exchange/@JayeLTee/112358843322393535Company: https://www.who.int
Timeline of exposure: February 9th 2024 until early July 2024
Size: +22GB (+4700 users)
Post: https://infosec.exchange/@JayeLTee/112790613804513623Company: https://www.mygiftcardsupply.com
Timeline of exposure: October 21st 2024 until January 1st 2025
Size: +600,000 files (~200,000 people KYC docs)
Post: https://techcrunch.com/2025/01/03/online-gift-card-store-exposed-hundreds-of-thousands-of-peoples-identity-documentsCompany: https://www.bdatrip.com
Timeline of exposure: December 2023 until 21st December 2024
Size: +1,000,000 files
Post: https://jltee.substack.com/p/tour-provider-bdatrip-exposes-over-1-million-pii-filesCompany: https://www.gohighlevel.com
Timeline of exposure: July 2023 until 13th February 2025
Size: 11.95TB (14,355,237 files)
Post: https://jltee.substack.com/p/all-in-one-platform-gohighlevel-exposed-attachments-from-clients🏴☠️ Hacked/Illegal
Content: Multiple US Breaches
Post: https://infosec.exchange/@JayeLTee/112712404038214723Content: 4 Billion Infostealer records, 6 servers closed.
Post: https://jltee.substack.com/p/billions-of-infostealer-logs-exposedYou can follow me at https://infosec.exchange/@JayeLTee to read me rambling about some of the things that happen while trying to fix exposures.