1. Forum
  2. FidoNet
  3. CONSPRCY

  • Over 1 million records fr

    From Mike Powell@1:2320/105 to All on Fri Jul 18 10:17:37 2025
    Over 1 million records from US adoption organization left exposed online

    Date:
    Thu, 17 Jul 2025 14:39:00 +0000

    Description:
    The database is now locked down.

    FULL STORY

    Gladney Centre for Adoption, a non-profit adoption agency, was leaking sensitive information about children, parents, employees, and other people by keeping an unprotected database.

    Earlier this week, Jeremiah Fowler, a security researcher known for hunting
    for non-password-protected, unencrypted databases, found one that was 2.49 GB in size, and which contained more than 1.1 million records.

    The records included names of children, birth parents, adopted parents, employees, and leads. Besides the names, there were also phone numbers,
    postal addresses, information about birth fathers, and data on whether people were approved, or denied, becoming an adoptive parent.

    Abusing the info for phishing

    The information is highly sensitive, and as such - very valuable to cybercriminals. Crooks can use it to create custom-built, convincing phishing emails, through which they can deploy malware, steal banking information, or other login credentials, resulting in identity theft , wire fraud, and
    possibly ransomware .

    For example, a cybercriminal might find a person that was previously denied becoming a foster parent, and send them an email notifying them of a change
    in their status. However, to finalize the process, they would need to pay a
    fee within a 24-hour window. This is just a theoretical example of how crooks could abuse Gladneys data.

    The good news is, there is no evidence anyone discovered the archive before Fowler did. As soon as the database was found, the researcher reached out to Gladney, who locked it down almost immediately. We dont know for how long it remained active, and to be certain the files werent stolen - there would need to be a detailed forensic analysis.

    We also dont know if Gladney was the one maintaining this database, or if
    that was the work of a third party. We do know that it was generated by a Customer Relationship Management (CRM) system.

    Via Website Planet

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/over-1-million-records-from-us-adoption -organization-left-exposed-online

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)