Database exposed via Elasticsearch cluster without password protection.
13 June 2022 | BREACHAWARE HQ
A total of 5 breach events were found and analysed, resulting in 102,560 exposed accounts containing a total of 13 different types of personal data. The breaches found publicly and freely available included Qatar National Bank, Nerdweb, Lime VPN, The Northern Alberta Radio Club and Desh Hosting. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Contact Data, Technical Data, Financial Data, Socio-Demographic Data, Usage Data.
Data Breach Analysis
Among the most significant breaches in this set was Qatar National Bank (QNB). As a prominent financial institution, any exposure of user data from such an organisation presents serious concerns. Even limited information from a bank, such as names, account identifiers, or internal referencing, can open the door to social engineering, identity theft, or phishing schemes. Financial institutions are expected to maintain high standards of data protection, so any publicly accessible breach also invites heightened regulatory and reputational scrutiny.
The breach at Lime VPN, a virtual private network service provider, is equally troubling. VPNs are often used specifically to enhance user privacy, anonymise online activity, and avoid surveillance. When such services themselves become compromised, it undermines the core premise of their value. Users may be unaware that their session data, email addresses, or login details were ever stored insecurely, let alone leaked. The result is a double betrayal of privacy: both in trust and in data exposure.
Also featured in this breach set is Nerdweb, a tech-centric platform likely catering to developers, enthusiasts, or a niche digital community. While the number of exposed accounts from such sites may be smaller in scale, the impact can be significant if those users reuse credentials or if the compromised platform integrates with larger services.
The Northern Alberta Radio Club, a community-focused amateur radio organisation, reflects how even non-commercial, hobbyist websites are not exempt from being targets or casualties of poor digital hygiene. Small platforms often lack the resources for strong security practices, yet they still collect enough personal information to make breaches worth exploiting for malicious actors.
Finally, Desh Hosting, a web hosting provider, presents yet another layer of concern. Hosting companies manage digital infrastructure for others, and a breach at this level could potentially expose client configurations, admin credentials, or site databases, depending on what was compromised. Even if only user contact information was leaked, this can still lead to follow-on attacks like domain hijacking, phishing, or targeted spam.
What these events collectively reveal is that no organisation is too large to avoid being breached, and no platform is too small to matter. While only 102,560 accounts were exposed across these five incidents, a relatively low number compared to some mega-breaches, the type of organisations involved makes the risk to affected individuals disproportionately high.
These incidents also highlight the challenge of publicly accessible breach datasets, data that, once leaked, is not just in the hands of the original attackers but becomes widespread and persistent across forums, dark web markets, and indexing bots. Once public, retrieval is nearly impossible, and affected users remain vulnerable for years.
From a response perspective, this batch underscores the urgent need for small and mid-sized organisations to prioritise cybersecurity, even without enterprise-scale resources. Open-source tools, managed detection services, and stronger compliance adherence can go a long way in preventing and mitigating such exposures.
In closing, while the number of accounts affected may not break records, the nature of the platforms involved makes these five breaches especially sobering. From banking to VPNs to online infrastructure, users placed trust in services designed to protect them, and that trust was breached.
Spotlight
There may be an unusual number of red faces about this week after a large security breach left a private cam modelling site’s database exposed online, leaked via an Elasticsearch cluster without password protection. The site has a huge user base of around 20 million users, and there are reports suggesting that upwards of 7 million users could be affected. A variety of datasets were included in the data leak, but a couple worth a mention are the IP addresses of the cam models and their ISPs (internet service providers).
Clearly, revealing a model’s IP address, and then perhaps their physical location, exposes the user to a very much higher level of risk. It leads me to conclude that the site doesn’t take the physical security of its users as seriously as it should.
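The exposure described above comes down to a cluster whose HTTP API is reachable from the network with authentication switched off. As an added example (not code from BreachAware or from the affected site), this Python sketch audits an `elasticsearch.yml` for that combination; the sample configs are constructed, and the `security_default` parameter is an assumption standing in for the version-dependent default of `xpack.security.enabled`.

```python
# Added example: audit an elasticsearch.yml for the open-cluster pattern.
# Assumption: only flat "dotted.key: value" lines are parsed, not nested YAML.
LOOPBACK = {"localhost", "127.0.0.1", "::1", "_local_"}

def parse_flat_yaml(text):
    """Return {key: value} for flat settings lines, ignoring comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text, security_default=False):
    """List findings for one node's config. security_default (an assumption)
    is what an absent xpack.security.enabled means for the version in use."""
    s = parse_flat_yaml(text)
    # http.host falls back to network.host, which falls back to loopback.
    bind = s.get("http.host", s.get("network.host", "_local_"))
    hosts = [h.strip().strip("\"'") for h in bind.strip("[]").split(",")]
    exposed = any(h not in LOOPBACK for h in hosts)
    sec = s.get("xpack.security.enabled")
    auth_on = security_default if sec is None else sec.lower() == "true"
    tls_on = s.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    findings = []
    if not auth_on:
        findings.append("authentication disabled")
    if exposed and not auth_on:
        findings.append("unauthenticated HTTP API reachable beyond loopback")
    if exposed and not tls_on:
        findings.append("HTTP API not using TLS")
    return findings

# Constructed sample configs (not taken from any real deployment).
WEAK = """cluster.name: users-prod
network.host: 0.0.0.0
xpack.security.enabled: false
"""
HARDENED = """cluster.name: users-prod
network.host: 10.0.4.12   # private interface only
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```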
A member of our team came across a recent breach from a platform offering online courses and tuition. The site offers a range of courses from advertising to marketing and has thousands of course creators. It has an “Excellent” rating on Trustpilot and seems to be doing well in a crowded marketplace. However, and we have seen this so many times, security doesn’t seem to be a priority and the site recently suffered a data breach. The login details for the site and other datasets are now in circulation around the web. The passwords are hashed with bcrypt, making them harder to crack but not impossible. At this point in time no information on the security breach has been released by the website in question.
Moving on, an Indian business solution website for stockbrokers is definitely having a bad day. We noticed that a portion of their user base has been dumped online and the rest is up for sale. The dump contains a lot of sensitive data, for example passport number, bank name and PAN account number, which is a 19-digit number generated as a unique identifier for your credit card.
These datasets are highly sensitive and particularly rewarding to threat actors after your cash. The hacker who is selling the data says they have over 86k users. We’re not sure how much the data is being sold for, as it’s price on request.