Cricketsocial[.]com, a cricket community social network exposed over 100k user entries and administrative credentials.
An open database containing emails, phone numbers, names, hashed user passwords, dates of birth, and addresses were left exposed online.
Most of the entries appear to be test data, but some are personally identifiable information (PII) from actual site users.
Source: https://heimdalsecurity.com/blog/cricket-platform-exposed-over-100k-customer-data-entries/
TPRM report: https://scoringcyber.rankiteo.com/company/cricketsocial
"id": "cri18369123",
"linkid": "cricketsocial",
"type": "Breach",
"date": "01/2023",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '100k',
'industry': 'Sports',
'name': 'Cricketsocial',
'type': 'Social Network'}],
'attack_vector': 'Open Database',
'data_breach': {'data_encryption': 'Hashed Passwords',
'number_of_records_exposed': '100000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['emails',
'phone numbers',
'names',
'hashed user passwords',
'dates of birth',
'addresses']},
'description': 'Cricketsocial[.]com, a cricket community social network '
'exposed over 100k user entries and administrative '
'credentials. An open database containing emails, phone '
'numbers, names, hashed user passwords, dates of birth, and '
'addresses were left exposed online. Most of the entries '
'appear to be test data, but some are personally identifiable '
'information (PII) from actual site users.',
'impact': {'data_compromised': ['emails',
'phone numbers',
'names',
'hashed user passwords',
'dates of birth',
'addresses']},
'title': 'Cricketsocial Data Exposure',
'type': 'Data Exposure'}