U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

An IndyCar archive left unprotected online, details on 200k racing fans exposed

A notorious security expert has discovered online an open Rsync server hosting the personal details for at least 200,000 IndyCar racing fans. The notorious expert Chris Vickery has discovered an open Rsync server hosting the personal details for at least 200,000 racing fans. Further analysis revealed that data belongs to the archive of a defunct racing […]

An IndyCar archive left unprotected online, details on 200k racing fans exposed

A notorious security expert has discovered online an open Rsync server hosting the personal details for at least 200,000 IndyCar racing fans.

The notorious expert Chris Vickery has discovered an open Rsync server hosting the personal details for at least 200,000 racing fans.

Further analysis revealed that data belongs to the archive of a defunct racing forum called DownForce that was a component of a platform used by IndyCar.

Accessing the DownForce was costing a $28.99 fee, but racing fans could get access to a number of other services, including a private message board for “the INDY DownForce community” by paying a $13.99 supplemental fee.

According to Vickery, the archive included data related to the daily operations of the users of the forum, including employee login credentials.

IndyCar racing fans data leak

Vickery has found open on the Internet the entire DownForce backup that contains details of hundreds of thousand users’ details, including first and last name, date of birth, gender, mailing address, password hash, security questions, and answers.

“The online security of over 200,000 Indycar racing fans was put in jeopardy recently. Earlier this month I discovered a large collection of publicly exposed MySQL database backup files at an IP resolving to ims-mysql.indycar.com.” reads a blog post published by the expert.

“It’s important to point out that the IndyCar bulletin board these accounts come from has since been retired. So, there is no need to change your IndyCar forum login password,” 

Why users’ data were left unprotected online?

“That’s nothing but liability. They are putting customers at risk for no gain,” said Vickery.

“I can only assume the attorneys and risk-management folks working for IndyCar were unaware that defunct forum logins were being stored.”

According to Salted Hash, the person who is managing the IndyCar account told Vickery the company was handling the issue.

Chris Vickery discovered many other clamorous cases of open database exposed on the Internet. In December 2015 the security expert discovered 191 million records belonging to US voters online, in April 2016 he also discovered a 132 GB MongoDB database open online and containing 93.4 million Mexican voter records.

In March 2016, Chris Vickery has discovered online the database of the Kinoptic iOS app, which was abandoned by developers, with details of over 198,000 users.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – DownForce forum, racing fans)