"Cricket-Oriented Platform 'Drops a Dolly' Exposing User Data"

Researchers at Cybernews discovered a database containing a massive amount of data left exposed by a social platform for the cricket community. Emails, phone numbers, names, hashed user passwords, dates of birth, and addresses are all stored in the open instance. Although most of the entries appear to be test data, the researchers' investigation reveals that some of the entries contain Personally Identifiable Information (PII) and belong to actual site users. Cricketsocial[.]com is owned by a firm of the same name in the US. Apart from the Cricket League of New Jersey, most of the organizations featured on the platform's website are in India. Amazon Web Services (AWS) in the US hosted the exposed database. The accessible database also disclosed data that could be harmful to the website. The database appeared to contain plaintext passwords for a website administrator account. If the credentials were valid, threat actors could easily use this information to take control of the site. This article continues to discuss the cricket community social platform exposing over 100 thousand entries of private customer data and administrator credentials. 

Cybernews reports "Cricket-Oriented Platform 'Drops a Dolly' Exposing User Data"