1. Forum
  2. tqwNet
  3. TQW GENTECH

  • More than 3 million records, 12TB of data exposed in major app bu

    From TechnologyDaily@1337:1/100 to All on Thu Jun 5 14:45:08 2025
    More than 3 million records, 12TB of data exposed in major app builder breach

    Date:
    Thu, 05 Jun 2025 13:32:00 +0000

    Description:
    The hole was quickly plugged, but millions of records may have been affected.

    FULL STORY ======================================================================Passion. io, a major no-code app-building app, operated a non-password-protected database The archive contained millions of records, with a total size of around 12TB It was since then locked down, but users should still take care

    Millions of records containing sensitive, personally identifiable
    information, were sitting online in yet another unencrypted, non-password-protected database , experts have warned.

    Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor , the database contained 3,637,107 records, and was 12.2TB in total size.

    It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.

    Save up to 68% for TechRadar readers

    TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal. View Deal Locking the archive down

    Fowler said that he analyzed a limited sampling of the exposed documents and saw internal files, images, and spreadsheet documents marked as users and invoices.

    These files contained peoples names, email addresses, postal addresses, and details about payments or payouts for users and app creators.

    This type of information is a treasure trove for cybercriminals. They can use it to create convincing phishing emails, tricking Passions users into making rash, dangerous decisions. Besides phishing, the data can be used in identity theft , wire fraud, and other types of scams.

    The researcher notified Passion.io about his findings, and got a response on the same day. The database was locked down, and the company confirmed it was working on putting guardrails in place so that mishaps like this one dont repeat.

    Were treating this very seriously and moving fast, the company told Fowler.

    So far, there is no evidence the information is circulating on the dark web - and it's also not known if Passion.io is the one managing the database, or if the job was outsourced to a third party.

    Without a thorough investigation, there is no way of knowing for how long the database remained open, or if any threat actors found it already. You might also like Entire Brazilian population potentially put at risk by major data leak Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/more-than-3-million-records-12tb-of-dat a-exposed-in-major-app-builder-breach


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)