On August 8, 2022, the California Office of the Attorney General reported a data breach incident involving Yellow Social Interactive Limited that occurred on April 27, 2022. The breach involved a bug bounty detectorist accessing personal information, including names, driver's license numbers, and in limited instances, passport numbers. The company has since fixed the vulnerability and has not reported any misuse of the accessed data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-556034
TPRM report: https://www.rankiteo.com/company/yellow-social-interactive
"id": "yel007072725",
"linkid": "yellow-social-interactive",
"type": "Vulnerability",
"date": "4/2022",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'name': 'Yellow Social Interactive Limited',
'type': 'Company'}],
'attack_vector': 'Bug Bounty Detectorist',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
"driver's license numbers",
'passport numbers']},
'date_detected': '2022-04-27',
'date_publicly_disclosed': '2022-08-08',
'description': 'A bug bounty detectorist accessed personal information, '
"including names, driver's license numbers, and in limited "
'instances, passport numbers.',
'impact': {'data_compromised': ['names',
"driver's license numbers",
'passport numbers']},
'references': [{'date_accessed': '2022-08-08',
'source': 'California Office of the Attorney General'}],
'response': {'remediation_measures': 'Fixed the vulnerability'},
'threat_actor': 'Bug Bounty Detectorist',
'title': 'Yellow Social Interactive Limited Data Breach',
'type': 'Data Breach'}