TZUTC: -0500
MSGID: 1244.consprcy@1:2320/105 2cdfa06d
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Over 1 million records from US adoption organization left exposed online

Date:
Thu, 17 Jul 2025 14:39:00 +0000

Description:
The database is now locked down.

FULL STORY

Gladney Centre for Adoption, a non-profit adoption agency, was leaking
sensitive information about children, parents, employees, and other people by
keeping an unprotected database. 

Earlier this week, Jeremiah Fowler, a security researcher known for hunting
for non-password-protected, unencrypted databases, found one that was 2.49 GB
in size, and which contained more than 1.1 million records. 

The records included names of children, birth parents, adopted parents,
employees, and leads. Besides the names, there were also phone numbers, 
postal addresses, information about birth fathers, and data on whether people
were approved, or denied, becoming an adoptive parent. 

Abusing the info for phishing

The information is highly sensitive, and as such - very valuable to
cybercriminals. Crooks can use it to create custom-built, convincing phishing
emails, through which they can deploy malware, steal banking information, or
other login credentials, resulting in identity theft , wire fraud, and
possibly ransomware . 

For example, a cybercriminal might find a person that was previously denied
becoming a foster parent, and send them an email notifying them of a change 
in their status. However, to finalize the process, they would need to pay a
fee within a 24-hour window. This is just a theoretical example of how crooks
could abuse Gladneys data. 

The good news is, there is no evidence anyone discovered the archive before
Fowler did. As soon as the database was found, the researcher reached out to
Gladney, who locked it down almost immediately. We dont know for how long it
remained active, and to be certain the files werent stolen - there would need
to be a detailed forensic analysis. 

We also dont know if Gladney was the one maintaining this database, or if 
that was the work of a third party. We do know that it was generated by a
Customer Relationship Management (CRM) system. 

 Via Website Planet

======================================================================
Link to news story:
https://www.techradar.com/pro/security/over-1-million-records-from-us-adoption
-organization-left-exposed-online

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426