Breach cyber

Passion.io

Jun 6, 2025 1 min read
Passion.io

A major no-code app-building platform, Passion.io, operated a non-password-protected database containing millions of records with sensitive, personally identifiable information. The archive, which was 12.2TB in size, included people's names, email addresses, postal addresses, and payment details. This data exposure poses significant risks such as phishing, identity theft, wire fraud, and other types of scams. The database was locked down after the discovery, but it is unknown whether any threat actors accessed the information.

Source: https://www.techradar.com/pro/security/more-than-3-million-records-12tb-of-data-exposed-in-major-app-builder-breach

TPRM report: https://scoringcyber.rankiteo.com/company/passion.io

"id": "pas740060625",
"linkid": "passion.io",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'No-code App-building Platform',
                        'location': 'Delaware',
                        'name': 'Passion.io',
                        'type': 'Company'}],
 'attack_vector': 'Non-password-protected Database',
 'data_breach': {'file_types_exposed': ['Internal files',
                                        'Images',
                                        'Spreadsheet documents'],
                 'number_of_records_exposed': 3637107,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal information',
                                              'Payment information']},
 'description': 'Passion.io, a major no-code app-building app, operated a '
                'non-password-protected database containing millions of '
                'records with sensitive, personally identifiable information. '
                'The database was found and reported by security researcher '
                'Jeremiah Fowler.',
 'impact': {'data_compromised': ["People's names",
                                 'Email addresses',
                                 'Postal addresses',
                                 'Payment details',
                                 'Payout details'],
            'identity_theft_risk': True,
            'payment_information_risk': True},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'TechRadar Pro'}],
 'response': {'containment_measures': ['Database locked down'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Putting guardrails in place']},
 'title': 'Passion.io Data Exposure Incident',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Lack of encryption and password protection'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

WeChat

public 1 min read
A massive data breach involving approximately 4 billion records has been discovered by cybersecurity researchers. The unsecured dataset, primarily consisting…
Jeremy C Jeremy C
Breach cyber

HMRC

public 1 min read
Organized crime has extracted £47 million from the UK government in a phishing operation. The operation involved mimicking taxpayer credentials…
Jeremy C Jeremy C
Breach cyber

Coinbase

public 1 min read
A data breach at Coinbase, facilitated by bribed customer support representatives from outsourcing firm TaskUs, resulted in the theft of…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.