Skip to main content

DATA BREACH: Global Document Translation Service Exposed Records Online

Global Document Translation Service Exposed Highly Sensitive Records Online
Syndicated By: Iain Fraser - Cybersecurity Journalist Gibraltar

10th July 2023

Recently, security researcher Jeremiah Fowler discovered and reported to WebsitePlanet a non-password protected database containing more than 25k records. The publicly exposed documents included highly sensitive files, which contained personally identifiable information (PII).

The unsecured database contained internal screenshots of source code as well as customer documents that were stored in uploads folders. These documents include: US Federal and State tax filings, passports, driver licenses, birth and marriage records, business documents, denied visa petitions, among other files from customers around the world. Upon further research, there were references and invoices linked to a NYC-based translation service provider, Kings of Translation. The company offers translation services and claims to have locations in the UK and Latvia. The database contained a total of 25,601 records. Kings of Translation purportedly used its own technology to let customers upload their documents and pay for the order automatically. I immediately sent a responsible disclosure notice to Kings of Translation. Despite receiving no response, I noted that public access to the database was restricted the following day.

People usually don’t consider how paper documents offline can become an online data risk, but this discovery proves that even those documents can be compromised. In my years as a security researcher, I have seen all types of documents and data breaches from a wide range of industries, organizations, and businesses, and this is the first time I have found the data of a translation service and its customers. However, I have never seen such a wide range of documents in a single database before. Some businesses handle more sensitive records than others, and usually the documents they collect and store are related to their specific business or industry. Documents that need to be translated are often of significant importance and may be required by foreign governments or educational institutions, or for acquiring crucial records such as birth, marriage, divorce, death certificates, among others. Learn More /... 

About Jeremiah Fowler

Jeremiah Fowler is a Security Researcher and co-founder of Security Discovery. Jeremiah began his career in security research in 2015 and has a mission of data protection. He has helped identify and secure the data of millions of people around the world. His discoveries have been covered in Forbes, BBC, Gizmodo, among others. Security and responsible disclosure are not only a passion, but a way of protecting our digital lives. Learn More /...


Cybersecurity Journalist Gibraltar


Labels:

Comments

Post a Comment

Popular posts from this blog

CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information

Tuesday, 5th December 2023 CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information By Jeremiah Fowler - Website Planet  Syndicated By IainFraser.net/CYBER_Voice Daily Cyber Insights  Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 56,000 records, including pet medical reports, DNA tests, pedigree history and other potentially sensitive information. As a long-time cyber security researcher, this is one of the most interesting discoveries I have ever encountered and a first for me.  I recently discovered a non-password protected database that contained records of thousands of dogs from around the world and included the information of their human owners. The publicly exposed cloud storage database contained a total of 56,624 documents in .PDF, .png, and .jpg formats with a total size of 25 GB. Upon further investigation, the database appeared...
Post a Comment
Learn More »

CYBERSECURITY NEWS: ECSO Launches its latest ground-breaking initiative CYBERHive

28th November 2023  CYBERSECURITY NEWS: ECSO Launches its latest ground-breaking initiative CYBERHive  Syndicated By: Iain Fraser/ Cyber PR Wire via IainFRASER.net/ CyberPRWire ECSO is delighted to announce the launch of its new, ground-breaking initiative: Cyberhive EUROPE. Cyberhive is the first-ever European marketplace co-created with- and for the European cybersecurity ecosystem, and will offer global accessibility to all Europe-headquartered cybersecurity solution providers, while also being freely accessible to end-users worldwide. Through the Cyberhive, ECSO will connect market players, promote European-made products, and ultimately strengthen the European cybersecurity market as a whole. To learn more about the Cyberhive, read below.  The second Annual CISO Meetup, organised by ECSO, starts today! Over 150 CISOs are joining us in Florence from all over Europe to engage in high-level discussions on critical cybersecurity topics. Read more below. Learn More /... ...
Post a Comment
Learn More »

CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance

Tuesday, 28th November 2023 CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance Posted by: Iain Fraser - Cybersecurity Journalist Gibraltar via IainFraser.net/ Daily Cyber Insights CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance The UK NCSC & US CISA have joint-published what they term as "security-focused guidance" for AI & ML developers and those who leverage AI/ML with their protocols and systems.  The Publication of Guidelines for Secure AI System Development (PDF),  apply to all types of AI/ML systems, regardless of whether built from wireframe up or added as a bolt-on on third-party resources, to address issues related to AI, cybersecurity, and critical infrastructure. Devised to be used in conjunction with existing Cybersecurity, Incident Response and Cyber Risk-Management protocols. The NCSC and CISA have said “Providers should implement security controls and mitigations where possible within their mode...
Post a Comment
Learn More »