
In a recent disclosure by cybersecurity researcher Jeremiah Fowler, vpnMentor uncovered a massive unprotected database allegedly tied to Passion.io, a no-code app-building platform used by influencers, coaches, and entrepreneurs. The database—shockingly unencrypted and without a password—contained a staggering 3,637,107 records, totaling 12.2 terabytes of data.
Fowler reports, “In a limited sampling of the exposed documents, I saw internal files, images, and spreadsheet documents… that contained names, emails, physical addresses, and details about payments or payouts of what appeared to be users and app creators.”
Headquartered in Texas/Delaware, Passion.io empowers creators to launch interactive, monetized mobile apps without writing code. Its website claims over 15,000 apps launched and more than 2 million paying users. The exposed data did not represent this full volume but did include sensitive user profile pictures, payment records, and creator-uploaded content—some of which included images of children.
Jeremiah responsibly disclosed the issue, and Passion.io promptly restricted public access the same day. A follow-up email confirmed that their “Privacy Officer and technical team are working on fixing the issue, making sure this can’t happen again.”
Among the exposed files were:
- PII (Personally Identifiable Information) such as names, emails, addresses, and internal customer IDs
- Financial records including invoice totals
- Creator-uploaded content, including videos and .pdf course materials
- Images of children, potentially uploaded under the assumption of privacy
Fowler emphasizes, “Even seemingly harmless images can be potentially weaponized or used for unethical purposes… particularly sensitive are images of children who cannot consent to their pictures being used online.”
He warns of possible phishing and impersonation attempts, saying, “Leaked email addresses and purchase histories can provide criminals with specific information… [they] could hypothetically contact customers pretending to be affiliated with the company.”
Fowler’s report serves as an educational case study, stressing:
- Encrypt all sensitive data, especially spreadsheets with customer info
- Implement multi-factor authentication (MFA) for employees and users
- Limit data retention and segment stored data
- Conduct regular security audits to detect and mitigate vulnerabilities
He concludes, “My aim is to encourage organizations to proactively implement measures to safeguard sensitive information against unauthorized access.”