According to the Australian Red Cross said that registration information of 550,000 blood donors had been compromised, in which they blamed on human error by a third party contractor.
Tory Hunt a security researcher said that the leaked information consisting of 1.74GB with about 1.3 million records, contains information about blood donors, such as name, gender, physical address, email address, phone number, date of birth, blood type, country of birth, and previous donations.
The information from 2010 to 2016 was available online on the website from September. 5th to October. 25th. of this year.
“We have managed to have all known copies of the archive deleted, and have removed the vulnerability from the web developer’s server,” the company added.
Tory Hunt wrote that he was contacted on Tuesday morning by someone who found the data on donateblood.com.au, the website of the Blood Service, while scanning internet IP addresses on the lookout for publicly exposed web servers returning directory listings.
The backup database was published to a publicly facing website, which had directory browsing enabled on the server, according to Hunt.
“Showing a public listing of the file contents of the server is a well-known risk and there’s rarely a valid justification for this, precisely for the sorts of reasons demonstrated with this incident,” he wrote.
Troy said he contacted AusCERT, the Australian version of the computer emergency response teams that many countries including the U.S. have, and they got in touch with the Red Cross.