X Social Media an internet advertising company has exposed close to 150,000 records from a database that was left unsecured.
The database contained submissions as part of a lead-generation effort by X Social Media and was left unprotected and without a password, allowing anyone to look inside.
It contained names, addresses, phone numbers, the date and time of a person’s submission, and the circumstances and explanation of their accident, injury, or illness. Often this included personal health information and sensitive medical information.
The researchers said the exposed data could be “easily traced” back to the individuals who filled out the website forms.
Source: https://techcrunch.com/2019/06/14/medical-injury-claim-data-exposed/
TPRM report: https://scoringcyber.rankiteo.com/company/xsocialmedia
"id": "xso203926323",
"linkid": "xsocialmedia",
"type": "Data Leak",
"date": "06/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '150,000',
'industry': 'Internet Advertising',
'name': 'X Social Media',
'type': 'Internet Advertising Company'}],
'attack_vector': 'Unsecured Database',
'data_breach': {'data_encryption': 'None',
'number_of_records_exposed': '150,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Health Information']},
'description': 'X Social Media, an internet advertising company, exposed '
'close to 150,000 records from an unsecured database. The '
'database contained submissions as part of a lead-generation '
'effort and was left unprotected and without a password, '
'allowing anyone to look inside. It contained names, '
'addresses, phone numbers, the date and time of a person’s '
'submission, and the circumstances and explanation of their '
'accident, injury, or illness, including personal health '
'information and sensitive medical information. The exposed '
'data could be easily traced back to the individuals who '
'filled out the website forms.',
'impact': {'data_compromised': ['names',
'addresses',
'phone numbers',
'submission date and time',
'circumstances and explanation of accident, '
'injury, or illness',
'personal health information',
'sensitive medical information']},
'title': 'X Social Media Data Exposure',
'type': 'Data Exposure',
'vulnerability_exploited': 'Lack of password protection'}