The Hub of Stupi... *misconfigs Index
An index of everything I found that is closed now. The full list is way bigger than this, finding it is pretty easy, closing them is another story though.
Everything in one place
You can check this index to see most of what I have found and has been posted either by me or someone I worked with.
Servers containing hacked/illegal contents that I donโt think will fit on a specific country will be under the ๐ดโโ ๏ธ flag, any other server that isnโt hacked data and doesnโt fit in a specific country will be under ๐.
Every incident will have some information about it and the link to the original post.
Any timeline of exposure is only what I personally verified unless stated otherwise, usually the day I first flagged it until the day I noticed it was closed.
Company disclosures will be listed next to the post link, if you find any disclosure that isnโt listed here you can reach out and Iโll update it.
You can click on any flag to go to a specific country or use the contents tab from Substack or you can just scroll through the post to see them all. ๐ง๐ฏ (1) ๐ง๐น (1) ๐ง๐ท (3) ๐จ๐ฑ (1) ๐จ๐ณ (1) ๐ซ๐ท (1) ๐ฉ๐ช (1) ๐ฎ๐ณ (5) ๐ฎ๐น (1) ๐ฒ๐พ (1) ๐ณ๐ฌ (1) ๐ต๐ญ (1) ๐ช๐ธ (2) ๐น๐ญ (2) ๐บ๐ฆ (1) ๐ฌ๐ง (3) ๐บ๐ธ (6) ๐ (2) ๐ดโโ ๏ธ (1)
๐ง๐ฏ Benin
Company: https://tresorbenin.bj
Timeline of exposure: Early June 2024 until July 1st 2024
Size: +4.7 million records
Post: https://infosec.exchange/@JayeLTee/112832149227172614๐ง๐น Bhutan
Company: https://www.drukasia.com
Timeline of exposure: August 2023 until June 1st 2024
Size: +23,000 files (+15,000 clients)
Post: https://infosec.exchange/@JayeLTee/113011342028424660๐ง๐ท Brazil
Company: https://mv.com.br
Timeline of exposure: Early 2023 until August 9th 2024
Size: +120 million medical docs
Post: https://infosec.exchange/@JayeLTee/112950688905543640Company: https://www.marilia.sp.gov.br
Timeline of exposure: April 6th 2024 until mid July 2024
Size: +43,000 files and SQL backups
Post: https://infosec.exchange/@JayeLTee/112970521193364853Company: https://acordoonline.com
Timeline of exposure: August 18th 2024 until September 3rd 2024
Size: +800GB (+40 million user records)
Post: https://infosec.exchange/@JayeLTee/113169852830957130๐จ๐ฑ Chile
Company: https://imed.cl
Timeline of exposure: June 30th 2024 until July 18th 2024
Size: +396,000 files
Post: https://newschu.substack.com/p/misconfigurations-capitulo-7-una๐จ๐ณ China
Company: n/a (Multiple companies scraped data)
Timeline of exposure: May 5th 2024 until May 10th 2024
Size: +1.2 Billion records
Post: https://infosec.exchange/@JayeLTee/112417378247579360๐ซ๐ท France
Company: n/a (Scraped of multiple breaches/datasets)
Timeline of exposure: September 17th 2024 until September 25th 2024
Size: +95 million records
Post: https://databreaches.net/2024/09/26/massive-french-citizens-data-leak-exposes-95-million-records/๐ฉ๐ช Germany
Company: https://www.fireplan.de (~400 Fire Depts using the software)
Timeline of exposure: February 2024 until October 22nd 2024
Size: n/a (Full amount not found, +100,000 files verified)
Post: https://jltee.substack.com/p/putting-out-virtual-fires-in-germany๐ฎ๐ณ India
Company: https://www.brandmidas.com
Timeline of exposure: May 10th 2023 until early September 2023
Size: +1.8 million files
Post: https://infosec.exchange/@JayeLTee/112230481339051013Company: https://www.asianpaints.com
Timeline of exposure: February 9th 2024 until April 8th 2024
Size: +2.4 million files
Post: https://infosec.exchange/@JayeLTee/112671529735316073Company: https://moneytor.in
Timeline of exposure: ~24 hours (June 21st 2024)
Size: +30 million records
Post: https://infosec.exchange/@JayeLTee/112689023815116231Company: https://www.kesari.in
Timeline of exposure: February 20th 2024 until June 4th 2024
Size: +120GB (+530,000 files)
Post: https://infosec.exchange/@JayeLTee/113006229000163028Company: https://www.hungama.com
Timeline of exposure: May 23rd 2024 until May 30th 2024
Size: +41.4 million records
Post: https://infosec.exchange/@JayeLTee/113075636340119294๐ฎ๐น Italy
Company: https://www.engled.it
Timeline of exposure: Early July 2024 until September 27th 2024
Size: +39.4GB (+45,900 files)
Post: https://infosec.exchange/@JayeLTee/113316396745115474
Company Disclosure: Link
๐ฒ๐พ Malaysia
Company: https://makna.org.my
Timeline of exposure: Early 2024 until April 30th 2024
Size: +16TB
Post: https://infosec.exchange/@JayeLTee/112445414529780600๐ณ๐ฌ Nigeria
Company: https://bestfin.com.ng
Timeline of exposure: August 5th 2024 until August 8th 2024
Size: +300GB (600,000 BVN verifications)
Post: https://infosec.exchange/@JayeLTee/112925887663325849๐ต๐ญ Philippines
Company: n/a
Timeline of exposure: August 4th 2024 until September 21st 2024
Size: +800 million records
Post: https://infosec.exchange/@JayeLTee/113303889998545592๐ช๐ธ Spain
Company: https://www.docudocu.com
Timeline of exposure: December 23rd 2023 until February 20th 2024
Size: +9 million files
Post: https://infosec.exchange/@JayeLTee/112473306551479219Company: https://www.camaramadrid.es
Timeline of exposure: January 2024 until August 16th 2024
Size: +36,000 files
Post: https://infosec.exchange/@JayeLTee/113355502887511074๐น๐ญ Thailand
Company: https://www.gogo-cargo.com
Timeline of exposure: December 2nd 2023 until early March 2024
Size: +100,000 files
Post: https://infosec.exchange/@JayeLTee/112380600532176461Company: n/a (Multiple Samut Sakhon Schools)
Timeline of exposure: May 28th 2024 until June 5th 2024
Size: +25,000 files (+2,400 students)
Post: https://infosec.exchange/@JayeLTee/112852839667899189๐บ๐ฆ Ukraine
Company: https://slotclub.pro
Timeline of exposure: February 9th 2024 until February 23rd 2024
Size: +45,000 files
Post: https://infosec.exchange/@JayeLTee/112513481200206768๐ฌ๐ง United Kingdom
Company: https://vipvoip.co.uk
Timeline of exposure: April 23rd 2023 until May 2nd 2023
Size: +128GB (+2,500 customers)
Post: https://infosec.exchange/@JayeLTee/112330111551926578Company: https://www.teamlocum.co.uk
Timeline of exposure: April 25th 2023 until May 2nd 2023
Size: +100,000 files (+25,000 users)
Post: https://infosec.exchange/@JayeLTee/112314338606305845Company: https://hatchster.com
Timeline of exposure: Early 2019 until April 25th 2024
Size: +50 million records
Post: https://infosec.exchange/@JayeLTee/112530573090227056๐บ๐ธ United States
Company: https://www.espmgmt.com
Timeline of exposure: February 9th 2024 until March 15th 2024
Size: +50TB of compressed backups (+3.5 million patients)
Post: https://databreaches.net/2024/04/03/no-need-to-hack-when-its-leaking-wednesday-edition-eyecare-services-partners-exposed-more-than-2-million-patients-ssn-researcher/Company: https://tabb.net
Timeline of exposure: February 15th 2024 until August 13th 2024
Size: +200,000 background check docs
Post: https://databreaches.net/2024/08/15/tabb-inc-security-gaffe-exposes-200000-background-check-files-for-more-than-six-months/Company: MC2Data ( https://www.privaterecords.net )
Timeline of exposure: August 18th 2024 until August 20th 2024
Size: +1.5TB (+100 million records)
Post: https://infosec.exchange/@JayeLTee/113081021941257552Company: Budtrader.com (Defunct)
Timeline of exposure: June 27th 2024 until October 18th 2024
Size: 2,721,185 users
Post: https://infosec.exchange/@JayeLTee/113326973296935626Company: https://ppsfamily.com
Timeline of exposure: September 3rd 2024 until October 28th 2024
Size: +480,000 Probationers
Post: https://jltee.substack.com/p/ppsfamilycom-professional-probation-services-data-leakCompany: https://lcptracker.com
Timeline of exposure: July 12th 2024 until August 20th 2024
Size: 44,390,147 documents (8.72TB)
Post: https://jltee.substack.com/p/lcptrackercom-lcptracker-inc-security
Disclosure: Link๐ World
Company: https://www.pulsesolutions.com
Timeline of exposure: September 23rd 2023 until February 27th 2024
Size: n/a (Multiple DBs exposed from their clients)
Post: https://infosec.exchange/@JayeLTee/112358843322393535Company: https://www.who.int
Timeline of exposure: February 9th 2024 until early July 2024
Size: +22GB (+4700 users)
Post: https://infosec.exchange/@JayeLTee/112790613804513623๐ดโโ ๏ธ Hacked/Illegal
Content: Multiple US Breaches
Post: https://infosec.exchange/@JayeLTee/112712404038214723For more posts about what I find exposed you can check: https://infosec.exchange/@JayeLTee