    From Mike Powell@1:2320/105 to All on Thu Nov 21 10:44:00 2024
    Social platform for US and UK military may have exposed over a million records

    Date:
    Thu, 21 Nov 2024 13:01:00 +0000

    Description:
    Armed forces members could be subject to identity theft attacks and extortion after exposed database was discovered.

    FULL STORY

    A top cybersecurity researcher has uncovered an unprotected online database containing sensitive PII and data for members of the US and UK armed forces.

    Jeremiah Fowler's writeup, shared with VPNMentor, outlines how the database belonged to Forces Penpals, a dating and social networking service for members of the armed forces, and contained 1,187,296 records.

    Much of the data apparently included full names, addresses, social security numbers of US personnel, National Insurance Numbers and Service Numbers of UK personnel, along with rank, branch of service, dates, and locations of military service members.

    Armed forces data left exposed

    The database was discovered by Fowler without encryption or password protection, meaning that the database could have been accessed by anyone with an internet connection.

    Fowler notified Forces Penpals about the exposure, and the database was protected the following day. However, it is not known how long the database was exposed, with Fowler noting that "Only an internal forensic audit could identify additional access or potentially suspicious activity."

    Forces Penpals, which claims to have over 290,000 members, both civilian and military, replied to the exposure notice and provided an explanation: "Thank you for contacting us. It is much appreciated. Looks like there was a coding error where the documents were going to the wrong bucket and directory listing was turned on for debugging and never turned off. The photos are public anyway so that's not an issue, but the documents certainly should not be public."

    The level of detail contained within some of the documents would provide a malicious user with enough information to launch an identity theft or social engineering campaign against exposed users.

    Additionally, Fowler says, some of the exposed data contained within the database, such as ranks, levels of security clearance, and locations, could have national security implications.

    Earlier this year, Chinese state-sponsored threat actors reportedly breached a third-party contractor for the UK Ministry of Defense and accessed the data of armed forces personnel, with a similar attack attempting to steal records of ex-RAF pilots also attributed to Chinese state-sponsored groups.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/social-platform-for-us-and-uk-military-may-have-exposed-over-a-million-records

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)