A large scale data exposure incident has come to light involving the Gladney Center for Adoption, a U.S.-based non-profit that helps connect children with adoptive families. According to a cybersecurity researcher, an unsecured database containing over a million sensitive records was recently discovered online.
The breach was uncovered by Jeremiah Fowler, a researcher who specializes in finding misconfigured databases. Earlier this week, he came across a large file measuring 2.49 gigabytes that was publicly accessible and unprotected by a password or encryption.
Inside the database were more than 1.1 million entries, including names and personal information of children, biological parents, adoptive families, employees, and potential applicants. Details such as phone numbers, mailing addresses, and information about individuals’ approval or rejection for adoption were also found. Even private data related to biological fathers was reportedly visible.
Experts warn that this kind of data, if accessed by malicious actors, could be extremely dangerous. Scammers could exploit the information to create convincing fake emails targeting people in the database. These emails could trick individuals into clicking harmful links, revealing banking details, or paying fake fees leading to financial fraud, identity theft, or even ransomware attacks.
To illustrate, a criminal could pretend to be an official from the adoption agency, claiming that someone’s previous applic
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: