🇬🇧 Security company Assist Security exposed over 100,000 sensitive files publicly.

If you're curious what kind of wild excuses I get from companies, this one tried to claim only the file structure was exposed. Apparently I look at filenames and paths and figure what's there from the names only and report this to companies :blobwizard:

https://jltee.substack.com/p/security-company-assist-security-exposed-data

🇲🇽 Cargamos.com, a package delivery company was exposing over 6 million files for over a year.

I've always opted to keep trying some other way to get a server closed instead of going public about the issue until earlier this week.
I've contacted multiple GOV/CERT emails in Mexico over multiple issues and I never got a meaningful reply.
The company ignored my contact, so I either let it go and see it posted eventually by some "ransomware" group or I make enough noise publicly that the company will get alerted about it.

Today, 2 days after an article came out on a Mexican news website, the exposure was closed down.

Read the article, in Spanish, that made the company close the server down:

https://www.publimetro.com.mx/noticias/2024/12/16/start-up-mexicana-deja-a-merced-de-hackers-6-millones-de-archivos-de-clientes-y-repartidores/

🇺🇸 Professional Probation Services ( www.ppsfamily.com ) exposes almost 500,000 US probationers private data publicly, SSNs included, and when I ask them for their intentions regarding disclosure, they go into hiding mode, removing their management and Our companies contact page.

Read more about the exposed data from the company who, according to them, has "A corporate culture of knowing right from wrong, and doing right- every time."

https://jltee.substack.com/p/ppsfamilycom-professional-probation-services-data-leak