TZUTC: -0500   
   MSGID: 1244.consprcy@1:2320/105 2cdfa06d   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Over 1 million records from US adoption organization left exposed online   
      
   Date:   
   Thu, 17 Jul 2025 14:39:00 +0000   
      
   Description:   
   The database is now locked down.   
      
   FULL STORY   
      
   Gladney Centre for Adoption, a non-profit adoption agency, was leaking   
   sensitive information about children, parents, employees, and other people by   
   keeping an unprotected database.    
      
   Earlier this week, Jeremiah Fowler, a security researcher known for hunting   
   for non-password-protected, unencrypted databases, found one that was 2.49 GB   
   in size, and which contained more than 1.1 million records.    
      
   The records included names of children, birth parents, adopted parents,   
   employees, and leads. Besides the names, there were also phone numbers,    
   postal addresses, information about birth fathers, and data on whether people   
   were approved, or denied, becoming an adoptive parent.    
      
   Abusing the info for phishing   
      
   The information is highly sensitive, and as such - very valuable to   
   cybercriminals. Crooks can use it to create custom-built, convincing phishing   
   emails, through which they can deploy malware, steal banking information, or   
   other login credentials, resulting in identity theft , wire fraud, and   
   possibly ransomware .    
      
   For example, a cybercriminal might find a person that was previously denied   
   becoming a foster parent, and send them an email notifying them of a change    
   in their status. However, to finalize the process, they would need to pay a   
   fee within a 24-hour window. This is just a theoretical example of how crooks   
   could abuse Gladneys data.    
      
   The good news is, there is no evidence anyone discovered the archive before   
   Fowler did. As soon as the database was found, the researcher reached out to   
   Gladney, who locked it down almost immediately. We dont know for how long it   
   remained active, and to be certain the files werent stolen - there would need   
   to be a detailed forensic analysis.    
      
   We also dont know if Gladney was the one maintaining this database, or if    
   that was the work of a third party. We do know that it was generated by a   
   Customer Relationship Management (CRM) system.    
      
    Via Website Planet   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/over-1-million-records-from-us-adoption   
   -organization-left-exposed-online   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426