Breaches

By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

38 million records were exposed in multiple data leaks resulting from misconfigured Microsoft Power Apps portals. Data included sensitive information such as COVID-19 contact tracing data, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses.

UpGuard Team

August 23, 2021

Out of Pocket: How an ISP Exposed Administrative System Credentials

ISPs do more than provide internet service for individual customers-- they can also act as part of US critical infrastructure. See how one ISP exposed their administrative and root passwords to the public.

UpGuard Team

October 23, 2019

Telecommunications Breakdown: How Russian Telco Infrastructure was Exposed

A storage device containing 1.7 terabytes of information detailing telecommunications installations throughout the Russian Federation was exposed to the public internet.

UpGuard Team

September 18, 2019

Political History: How A Democratic Organization Leaked Six Million Email Addresses

An AWS S3 bucket configured for public access contained a file from 2010 with six million email addresses, apparently from the Democratic Senatorial Campaign Committee.

UpGuard Team

September 6, 2019

Clinical Trials: How Personal Information for Thousands of Australians was Exposed

A company that matches individuals with clinical trials in Australia and New Zealand exposed personal information on over 37,000 people via a misconfigured MongoDB.

UpGuard Team

August 7, 2019

Medical Procedure: How a Misconfigured Storage Bucket Exposed Medical Data

Thousands of files including medical, business, and legal data were exposed via a misconfigured AWS S3 storage bucket.

UpGuard Team

July 17, 2019

Data Warehouse: How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups

Backups ensure data continuity, but they're also a surface of risk. See how Fortune 100 vendor Attunity exposed nearly a terabyte of internal backups.

UpGuard Team

June 27, 2019

Open Enrollment: How HCL Exposed Employee Passwords and Project Data

The UpGuard data breach research team discovered and secured leaks from IT services provider HCL, including new employee passwords.

UpGuard Team

May 21, 2019

Losing Face: Two More Cases of Third-Party Facebook App Data Exposure

Third-party Facebook apps gather Facebook data about the people who use them. While Facebook struggles to contain these exposures, insecure third-party data practices & misconfigured cloud systems continue to leak Facebook data to the internet. See how UpGuard discovered and secured two such cases.

UpGuard Team

April 3, 2019

Digital Gangsters, Disinformation and Dark Adverts: The UK Parliament DCMS Report

Based on UpGuard's data breach research, the UK Parliament’s DCMS Committee prepared and published the final report detailing their 18 month investigation into online disinformation and the privacy practices of platforms such as Facebook. Read about the report, and the AggregateIQ breach discovery.

UpGuard Team

February 18, 2019

Out of Commission: How the Oklahoma Department of Securities Leaked Millions of Files

A storage server configured for public access exposed millions of files belonging to the Oklahoma Securities Commission.

UpGuard Team

January 16, 2019

HR Violation: How a Corporate Data Exposure Can Affect Employees

UpGuard discovered and helped secure an Australian company's code repository containing SQL backups of employee information, banking data, and more.

UpGuard Team

September 29, 2018

Overboard: How Tea Party Campaign Assets Were Exposed Online

Read how a misconfigured Amazon S3 bucket exposed strategy documents and voter call lists for the Tea Party Citizen's Fund.

UpGuard Team

September 17, 2018

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.

Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.

Instant insights you can act on immediately
Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities

Free score

Book a free demo

Book a free, personalized onboarding call with one of our cybersecurity experts.

Contact sales

Free demo

UpGuard BreachSight

UpGuard Vendor Risk

Vendor Risk Assessments

Security Questionnaires

Security Ratings

Data Leaks Detection

Reporting & Dashboards

Integrations

AI Autofill

Financial Services

Technology

Healthcare

ISO 27001

NIST Cybersecurity Framework

SIG Lite Questionnaire

Top 10 Features to Look For in Vendor Risk Assessment Reports

Why Invest? Building a Case for Increasing Cybersecurity Budgets

What is IAM (Identity and Access Management)?

Blog

eBooks, Reports, & more

Events

UpGuard BreachSight

UpGuard Vendor Risk

Vendor Risk Assessments

Security Questionnaires

Security Ratings

Data Leak Detection

Integrations

Financial Services

Technology

Healthcare

Blog

Breaches

eBooks, Reports, & more

News

Events

Newsletter

By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

Out of Pocket: How an ISP Exposed Administrative System Credentials

Telecommunications Breakdown: How Russian Telco Infrastructure was Exposed

Political History: How A Democratic Organization Leaked Six Million Email Addresses

Clinical Trials: How Personal Information for Thousands of Australians was Exposed

Medical Procedure: How a Misconfigured Storage Bucket Exposed Medical Data

Data Warehouse: How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups

Open Enrollment: How HCL Exposed Employee Passwords and Project Data

Losing Face: Two More Cases of Third-Party Facebook App Data Exposure

Digital Gangsters, Disinformation and Dark Adverts: The UK Parliament DCMS Report

Out of Commission: How the Oklahoma Department of Securities Leaked Millions of Files

HR Violation: How a Corporate Data Exposure Can Affect Employees

Overboard: How Tea Party Campaign Assets Were Exposed Online

Sign up to our newsletter

Free instant security score

How secure is your organization?

Book a free demo

Products

Compare

Tools

Solutions

Resources

Company

Insights