home bbs files messages ]

Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 1,283 of 2,445   
   Mike Powell to All   
   Millions of UK healthcare   
   16 Apr 25 09:21:00   
   
   TZUTC: -0500   
   MSGID: 1016.consprcy@1:2320/105 2c64f74c   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Millions of UK healthcare worker records exposed in massive software breach   
      
   Date:   
   Wed, 16 Apr 2025 12:03:00 +0000   
      
   Description:   
   Researchers found unprotected database containing ID cards and other    
   sensitive data.   
      
   FULL STORY   
      
   Millions of healthcare workers in the United Kingdom have had their sensitive   
   data leaked online, after a non-password-protected database was found   
   unsecured on the internet.    
      
   Security researcher Jeremiah Fowler found a database 1.1TB in size containing   
   almost eight million files (7,975,438), including images and .PDF files, work   
   authorization documents, national insurance numbers, certificates, electronic   
   signatures, timesheets, user images, and government-issued identification   
   documents.    
      
   Furthermore, the archive contained 656 directory entries indicating different   
   companies, the majority of which were healthcare providers, recruiting   
   agencies, and temporary employment services.    
      
   Identity theft and other risks   
      
   Fowler determined the database belonged to Logezy, an employee management and   
   tracking software company based in the UK.    
      
   He notified Logezy of his findings, and the company locked the database down   
   shortly after.    
      
   To hunt for unprotected databases, researchers would use a specialized search   
   engine, such as Shodan, and analyze the results.    
      
   So far, Fowler has found dozens of similar instances, including ClickBalance   
   (more than 750 million records), DM Clinical Research (over a million    
   clinical records), or ServiceBridge (31 million).    
      
   Without a detailed forensic analysis, it is impossible to know if a threat   
   actor already accessed the database and exfiltrated the information found   
   there.    
      
   It is also impossible to know for how long the archive remained unlocked, and   
   if Logezy managed it, or a third party on its behalf.    
      
   These instances are considered a low-hanging fruit for cybercriminals.   
   Stealing this information does not require phishing, social engineering,   
   hunting for zero-day vulnerabilities, or exploiting unpatched endpoints.    
      
   Yet, the data inside is valuable since its usually up-to-date and can be used   
   in all sorts of fraud, including wire fraud, payment scams, identity theft ,   
   and more.    
      
   If you have used Logezy in the past, it would be wise to keep a closer eye on   
   your accounts and credit reports for potentially suspicious activity.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/millions-of-uk-healthcare-worker-record   
   s-exposed-in-massive-software-breach   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca