TZUTC: -0500   
   MSGID: 832.consprcy@1:2320/105 2c528530   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Top gig platform service may have leaked over 14 million user files   
      
   Date:   
   Wed, 02 Apr 2025 11:04:00 +0000   
      
   Description:   
   Yoojo kept a major database out in the open, available for anyone who knew   
   where to look.   
      
   FULL STORY   
      
   Yoojo, a European service marketplace, reportedly kept a major database open   
   on the internet available for anyone who knew where to look containing    
   roughly 14.5 million files, including plenty of sensitive customer   
   information.    
      
   Security researchers from Cybernews discovered the misconfigured cloud    
   storage bucket and told Yoojo, which subsequently locked the archive down.    
      
   The information leaked in the database is more than enough for your average   
   cybercriminal to run personalized phishing attacks, identity theft , or   
   possibly even wire fraud. It includes peoples full names, passport   
   information, other government-issued IDs, text messages between users, and   
   phone numbers.    
      
   Remote code execution risks   
      
   Yoojo is an online platform that connects people with home service providers   
   for tasks such as DIY, gardening, moving, house cleaning, childcare, pet   
   sitting, IT support, homecare, and tutoring.    
      
   According to Cybernews , it has more than half a million downloads on Google   
   Play, and is relatively popular in the UK, France, Spain, and the    
   Netherlands.    
      
   The database was exposed for at least 10 days, the researchers said, adding   
   that there was no indication of misuse. However, that doesnt mean that    
   someone hadnt managed to get ahold of the archives already. Yoojo closed the   
   instance down, but is yet to make an official statement.    
      
   Leaked personal details enables attackers to create highly targeted phishing,   
   vishing, and smishing campaigns. Fraudulent emails and SMS scams could    
   involve impersonating Yoojo service providers asking for sensitive    
   information like payment details or verification documents, Cybernews   
   researchers said.    
      
   Misconfigured databases remain one of the key causes of data leaks and    
   spills. Many organizations nowadays use cloud to store sensitive employee,   
   partner, and customer information, without realizing that cloud works on a   
   shared security model, and that the responsibility for safeguarding the data   
   is also on them.    
      
   The good news is that most organizations react quickly when notified about    
   the leak and lock down the databases fast.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/top-gig-platform-service-may-have-leake   
   d-over-14-million-user-files   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426