Top entrepreneur and networking app leaks personal info on VIP clients
Entrepreneur and networking app Clarity.fm kept a major database with sensitive data unprotected on the internet and available for anyone who knew where to look.
The database was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to the owners, who secured it a few days later.
As reported by WebsitePlanet, the hoard Fowler found contained 155,531 records, including 121,000 Clarity.fm member profiles. Since the company is a platform connecting entrepreneurs with experts for on-demand advice and consulting sessions, its members usually include CEOs, company founders, entrepreneurs, and other high-value individuals.
Missing key details
The member profiles contained plenty of sensitive information, including both private and professional email addresses, hourly rates, past consulting sessions’ payment, as well as the internal rating score based on user feedback. The records were labeled as production data and listed people as either members, leaders, or mentors.
Fowler said he never got to talk to a person from Clarity, he was only getting automated responses. Therefore, he could not find out for how long the database was exposed, and if anyone accessed it in the meantime. We have reached out to Clarity with additional questions and will update this article if we hear from the company.
It is also unknown if Clarity notified the affected people that their data was exposed, or if it offered them identity theft protection and credit monitoring services.
The company was founded more than a decade ago, in 2012, and claims to have more than 30,000 verified experts from around the world giving advice to its users.
Unsecured databases sitting in the cloud are considered as one of the top causes of data leaks. Just earlier this year, Fowler discovered a major database from Zenlayer, a top global network service provider, storing sensitive internal and customer information.