Major cybersecurity discoveries, vulnerability research, and threat findings that have shaped the digital security landscape through responsible disclosure.
Discovered massive database containing 49 million Instagram influencer records exposed online. The database included personal contact information, bios, profile pictures, follower counts, and location data for celebrities and brand accounts.
Discovered exposed database belonging to Asian technology firm YX International that was leaking 2FA SMS messages for Google, Facebook, WhatsApp, and TikTok. The company routes 5 million SMS messages daily through unprotected infrastructure.
Uncovered 3 terabytes of unclassified US military emails from Special Operations Command exposed on Microsoft Azure cloud server without password protection for over 2 weeks, affecting approximately 20,600 individuals.
Discovered 400GB of scraped data from 214 million Facebook, Instagram, and LinkedIn users exposed through unsecured ElasticSearch database hosted by Chinese startup. The data included private information not publicly available on profiles.
Identified exposed database containing personal information of Shell Recharge electric vehicle charging station customers across 33+ countries, including names, addresses, phone numbers, and vehicle identification numbers.
Found India's largest online poker platform exposing sensitive user information through misconfigured database for over 2 months, affecting millions of registered users across the gaming platform.
Uncovered 3GB of scraped Facebook user data from 12 million Vietnamese users on Elastic server, raising concerns about data scraping vulnerabilities in social media platforms and third-party API security.
Discovered significant data breach at Brazilian online retailer Natura & Co exposing 192 million records including personally identifiable information through unsecured database.
Identified Australian trading company ACY Securities unintentionally revealing 60GB of personal and financial information belonging to users across multiple countries including India, China, Spain, and Brazil.
Discovered prominent US online casting agency MyCastingFile.com leaking personal data belonging to more than 260,000 actors and entertainment industry professionals through unsecured database.
Uncovered massive data breach at Indian e-learning platform Edureka affecting up to 2 million users, exposing names, email addresses, phone numbers, and login activity records on Amazon servers.
Discovered government-backed Indian travel marketplace RailYatri exposing 43GB of customer and corporate data including full names, age, gender, addresses, phone numbers, booking details, GPS location, and payment card information.
Discovered security lapse at legaltech platform CrimeCheck exposing sensitive legal and personal information, highlighting vulnerabilities in legal technology infrastructure handling confidential data.
Identified data exposure in homegrown social media app Slick that exposed users' personal information, including data belonging to children, raising concerns about youth privacy protection in social platforms.
Discovered massive database containing 49 million Instagram influencer records exposed online. The database included personal contact information, bios, profile pictures, follower counts, and location data for celebrities and brand accounts.
Uncovered 3GB of scraped Facebook user data from 12 million Vietnamese users on Elastic server, raising concerns about data scraping vulnerabilities in social media platforms and third-party API security.
Discovered prominent US online casting agency MyCastingFile.com leaking personal data belonging to more than 260,000 actors and entertainment industry professionals through unsecured database.
Discovered government-backed Indian travel marketplace RailYatri exposing 43GB of customer and corporate data including full names, age, gender, addresses, phone numbers, booking details, GPS location, and payment card information.
Uncovered massive data breach at Indian e-learning platform Edureka affecting up to 2 million users, exposing names, email addresses, phone numbers, and login activity records on Amazon servers.
Discovered 400GB of scraped data from 214 million Facebook, Instagram, and LinkedIn users exposed through unsecured ElasticSearch database hosted by Chinese startup.
Identified Australian trading company ACY Securities unintentionally revealing 60GB of personal and financial information belonging to users across multiple countries including India, China, Spain, and Brazil.
Uncovered 3 terabytes of unclassified US military emails from Special Operations Command exposed on Microsoft Azure cloud server without password protection for over 2 weeks.
Found India's largest online poker platform exposing sensitive user information through misconfigured database for over 2 months, affecting millions of registered users.
Identified exposed database containing personal information of Shell Recharge electric vehicle charging station customers across 33+ countries.
Discovered exposed database leaking 2FA SMS messages for Google, Facebook, WhatsApp, and TikTok. The Asian technology firm was routing 5 million SMS messages daily through an unprotected database.