About The SafetyDetectives Research Lab
Our Findings: Key Statistics
Since early 2019, we’ve discovered online vulnerabilities and data leaks in collaboration with cybersecurity experts. In that time, we’ve made several major discoveries:
Cybersecurity Reports Published:
Approximate Number of People Exposed:
Approximate Number of Records Exposed:
How We’re Making a Difference
When a vulnerability or data leak is discovered, our team of experts sends a disclosure to affected parties, prompting them to fix the leak/vulnerability.
For instance, in 2021, we discovered a major data leak of sensitive airline files affecting Securitas — a multinational security company that’s been in business since 1934. The company had an open and unencrypted Amazon S3 bucket, exposing 1.5 million files, including:
- Employee personally identifiable information (PII):
  - Full names of employees
  - National ID numbers
  - Photo ID cards
- Sensitive company data:
  - Photos of planes
  - Fueling lines
  - And more…
We disclosed the leak to Securitas and Swedish CERT. Shortly after, Securitas secured the leak, resolving the vulnerability.
In another incident, we discovered an unsecured Elasticsearch database exposing over 7 terabytes of personally identifiable information owned by Cam4 — an adult streaming site. The number of users involved in this breach is unknown, but the exposed data on the server included users’ names, email addresses, passwords, and payment logs.
As with Securitas, our cybersecurity team contacted Cam4, and shortly after, Cam4 secured the open server.
Outside of alerting major businesses and organizations, we also provide straightforward advice to the online community on preventing data exposure. This ranges from simple tips, such as being careful when giving out information, to creating secure passwords whenever you make an online account.
Where Have Our Reports Been Featured?
Our work has helped protect over 250 million people across 18 countries. As such, our findings have sparked interest from major news outlets worldwide. You can read about some of our discoveries on the following websites:
- PegasusEFB (Electronic Flight Bag) — The SafetyDetectives Research Lab discovered an open Amazon AWS S3 bucket without any password protection containing around 23 million files. We alerted Pegasus, and the leak was secured.
Online Shopping & eCommerce
- Amazon Fake Review Scam — We discovered an open and unencrypted Elasticsearch database, which revealed a fake review scam being conducted by over 200,000 Amazon sellers. The database contained more than 13 million records, which also included the personal information of Amazon users who’d fallen victim to the scam.
  - Our findings were reported by Bloomberg, RT, Tom’s Guide, Fox Business, CNET, ZDNET, TechCrunch, The Verge, and Vox.
- Socialarks — Socialarks suffered a data leak exposing over 400 GB of data, affecting more than 200 million social media users.
  - Our findings were reported by The Sun, Express, 9News, and Lifehacker.
E-Learning and Education
- Edureka — Our team discovered more than 25 gigabytes of data on an unsecured server owned by the prominent e-learning company Edureka. This data contained the names, email addresses, phone numbers, and activity records of more than 2 million users.