Security vulnerabilities

  • Status Closed
  • Assigned To
    cbay
  • Private
Attached to Project: Security vulnerabilities
Opened by hHshamapes - 04.07.2025
Last edited by cbay - 04.07.2025

FS#190 - account takeover via data leak

While performing reconnaissance on your platform, I discovered an endpoint (or publicly accessible resource) that exposes sensitive customer data. This data includes personal information that should not be publicly accessible and poses a serious risk to user privacy and your organization's data security posture.

https://admin.alwaysdata.com/support/87906/ this link contains the bug report

Closed by cbay
04.07.2025 13:07
Reason for closing: Invalid
Admin
cbay commented on 04.07.2025 07:21

Hello,

Please include your complete report here, not in a ticket.

Kind regards,
Cyril

Data Leakage

1. Description

Data Leakage refers to a security or modeling vulnerability in which sensitive or unintended information is exposed during the training or operation of a machine learning model. In many cases, this occurs when the model is trained using features that are not realistically available at prediction time, such as future data or outcome-related information. This can also include unintentional exposure of confidential business data to third parties through logging, backups, or API responses.

2. Impact

A data leakage incident can lead to serious consequences:

  • Security Risks: Leaked customer data (e.g., names, IDs, financial info) can be used for fraud, identity theft, or targeted phishing attacks.
  • Model Exploitation: Attackers can analyze exposed model behavior to bypass fraud detection or manipulate decisions.
  • Business Loss: Misuse of leaked insights or internal data can result in financial losses and loss of competitive edge.
  • Legal Trouble: Violating data privacy laws may lead to lawsuits, heavy fines, and mandatory public disclosures.
  • Reputation Damage: Public trust may decline, causing customer churn and long-term brand harm.

3. POC (Steps to reproduce)

I found a data breach during the reconnaissance phase

Email: <REDACTED>
Password: <REDACTED>

Email: <REDACTED>
Password: <REDACTED>

This is a credit card found in this data leak
Email: <REDACTED>
Password: <REDACTED>

Email: <REDACTED>
Password: <REDACTED>

Email: <REDACTED>
Password: <REDACTED>

Email: <REDACTED>
Password: <REDACTED>

Thanks For Reviewing,

Admin
cbay commented on 04.07.2025 13:06

Some customers do leak their credentials, but it's not a security vulnerability from alwaysdata. There's nothing we can do to prevent a customer from leaking their credentials.
