BigFooty.com Leaks 70 Million Records from Sports Fan Members

The team at Security Detectives has discovered another leaky database. BigFooty, a popular Australian sports fan website, was found to be leaking around 132 GB (70 million records) of private information belonging to its 100,000 members. The data in some instances included “technical information relating to the company’s web and mobile sites.”


The information was found on a compromised Elasticsearch server, and included data from the website’s forum, as well as private messages sent between users.


Although BigFooty.com did not reply to the research team’s initial contact, website admins have posted a data breach notification on their forum:


“Recently we learned of a security breach on BigFooty’s search index which, due to a mis-configuration, was publicly accessible without restriction,” the notice says. “This search index included content that may have been removed from public view on the forum, and other content where access was restricted. Access to the index was blocked as soon as we became aware of the issue on the 14th of May and commenced assessment of the breach. Whilst we now know that there was some unwanted interaction by unauthorised people, our investigation leads us to believe the whole index was not copied.”


What type of data did the leak expose?


The investigators noted that the website is predominantly anonymous and, while participants are not always identified, private information is frequently shared in messages, including:


• Usernames used to access BigFooty.com
• Passwords to live streams
• Data relating to ad spammers
• Email addresses
• Relationships between users
• Mobile phone numbers
• User comments including personal threats and racist material
• Personal information relating to real-world activities, intentions and behavior

