I received an email earlier this week from EA asking if I wanted to be added to a public acknowledgement page they were creating for individuals who responsibly disclosed vulnerabilities to them.
For all the shit people give EA, of the 100+ companies I contacted in the last two years, they were the only company I would say had a decent incident response.
They fixed the issue within 12 hours after validating it as critical, and proactively provided me multiple updates over time.
When the IR was done on their side, they reached out again with some more information about the potential impact if the issue hadn't been solved quickly, and also offered me a reward.
I did not have to keep chasing anyone for updates; I wasn't asked for non-disclosure, or offered money in exchange for it, and people replied instead of ignoring me.
I wasn't blamed for their mistake, either, or reported to the authorities.
Unfortunately, at least one or more of the things mentioned above are present in most of my other reported incidents; it's a real shit show out there.
Dealing with something ridiculous at the moment that is a great example of just how 'easy' it really is to close down exposed data:
Found a server recently with no access controls at all that was hit by ransomware in May 2024; most of the data is encrypted. (It got hit by an automated script; it wasn't targeted by a ransom group.)
Found a non-encrypted directory:
The company is STILL uploading, monthly, hundreds of millions of records of logs with their clients data.
Tried to reach out to the company, nothing. Company is from AUS so I tried ASD, nothing.
I sent an email to AUSCERT; they validated the issue with me and forwarded the information and my contact to ASD. They also tried to reach out to the company themselves.
Not a word from anyone and the server is still exposed a month after my initial alerts.
Logs are still being uploaded to the server so it's obvious no one did anything.
Great way to close, too: cancel the recurring payment on the day it's supposed to renew and don't say anything about it or that they are closing.
Only found out they were closing because I made a post earlier here and someone linked me that same link that is buried on that website.
They also say "All free subscriptions will end on March 31, 2025, as of 11:59 p.m. GMT." but I checked with multiple people who have free accounts and none of them could do any queries.
Sure makes people want to move to the alternatives they are trying to push on that blog post 😂
🇬🇧 Security company Assist Security exposed over 100,000 sensitive files publicly.
If you're curious what kind of wild excuses I get from companies, this one tried to claim only the file structure was exposed. Apparently I look at filenames and paths, figure out what's there from the names only, and report this to companies :blobwizard:
🇲🇽 Cargamos.com, a package delivery company, was exposing over 6 million files for over a year.
I've always opted to keep trying some other way to get a server closed instead of going public about the issue until earlier this week. I've contacted multiple GOV/CERT emails in Mexico over multiple issues and I never got a meaningful reply. The company ignored my contact, so I either let it go and see it posted eventually by some "ransomware" group or I make enough noise publicly that the company will get alerted about it.
Today, 2 days after an article came out on a Mexican news website, the exposure was closed down.
Read the article, in Spanish, that made the company close the server down:
A tip to all of you out there struggling to keep your company's service availability at 100%: if you delete the logs that show the downtime, your uptime will always be 100% :ablobcool:
@patrickcmiller Exactly my experience: created an account, followed a couple of cybersec/infosec pages, and with 0 posts or replies in a couple of days I had 20 followers, all female profiles, all bots.