Exploit: Unauthorized Database Access
Family Tree Maker: Genealogy Software
Risk to Small Business: 2.137 = Severe
An unsecured Elasticsearch server is to blame for Family Tree Maker’s leak of more than 25GB of user data. User information that was leaked includes email addresses, geolocation data, IP addresses, system user IDs, support messages, and technical details. The leak apparently also included technical details about the system’s backend.
Individual Risk: 2.503 = Moderate
No personally identifiable or financial data was reported as compromised in this breach, but users should be aware of spear phishing attempts using this compromised data.
Customers Impacted: 60,000
How it Could Affect Your Customers’ Business: An unsecured database is an unnecessary foul. Overlooking basic security measures like this is an indicator that cybersecurity best practice isn’t being enforced actively and corners are being cut by careless staffers without repercussions.