1. Forum
  2. FidoNet
  3. CONSPRCY

  • Top gig platform service

    From Mike Powell@1:2320/105 to All on Wed Apr 2 09:37:00 2025
    Top gig platform service may have leaked over 14 million user files

    Date:
    Wed, 02 Apr 2025 11:04:00 +0000

    Description:
    Yoojo kept a major database out in the open, available for anyone who knew where to look.

    FULL STORY

    Yoojo, a European service marketplace, reportedly kept a major database open
    on the internet available for anyone who knew where to look containing
    roughly 14.5 million files, including plenty of sensitive customer
    information.

    Security researchers from Cybernews discovered the misconfigured cloud
    storage bucket and told Yoojo, which subsequently locked the archive down.

    The information leaked in the database is more than enough for your average cybercriminal to run personalized phishing attacks, identity theft , or possibly even wire fraud. It includes peoples full names, passport
    information, other government-issued IDs, text messages between users, and phone numbers.

    Remote code execution risks

    Yoojo is an online platform that connects people with home service providers for tasks such as DIY, gardening, moving, house cleaning, childcare, pet sitting, IT support, homecare, and tutoring.

    According to Cybernews , it has more than half a million downloads on Google Play, and is relatively popular in the UK, France, Spain, and the
    Netherlands.

    The database was exposed for at least 10 days, the researchers said, adding that there was no indication of misuse. However, that doesnt mean that
    someone hadnt managed to get ahold of the archives already. Yoojo closed the instance down, but is yet to make an official statement.

    Leaked personal details enables attackers to create highly targeted phishing, vishing, and smishing campaigns. Fraudulent emails and SMS scams could
    involve impersonating Yoojo service providers asking for sensitive
    information like payment details or verification documents, Cybernews researchers said.

    Misconfigured databases remain one of the key causes of data leaks and
    spills. Many organizations nowadays use cloud to store sensitive employee, partner, and customer information, without realizing that cloud works on a shared security model, and that the responsibility for safeguarding the data
    is also on them.

    The good news is that most organizations react quickly when notified about
    the leak and lock down the databases fast.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/top-gig-platform-service-may-have-leake d-over-14-million-user-files

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)