Exposed 21,612 records of Kars4Kids users
Security researcher Bob Diachenko has discovered a Kars4Kids users database, a nonprofit, unprotected car donation organization that contained 21,612 records with personal details.
The data was available from multiple misconfigured MongoDB instances, which included information regarding email addresses and personal data, as well as login credentials with administrator privileges.
Bob Diachenko contacted Kars4Kids to inform them about the security vulnerability, and they replied that they had secured the vulnerable database, notified the FBI of the incident and informed the donors whose information was affected.
References:
- 13/11/2018 linkedin.com Children’s charity Kars4Kids leaks info on thousands of donors, internal passwords online, and evidence of a ransom attack
- 14/11/2018 news.softpedia.com 21K Donors Had Their Personal Info Leaked Following Kars4Kids Data Breach
- 14/11/2018 scmagazine.com 22,000 Kars4Kids donor data records exposed
- 14/11/2018 techcrunch.com 1-877-KARS4KIDS had a data breach
- 18/11/2018 2-spyware.com Due to unprotected database, Kars4Kids suffered from the data breach