CDPH Tracking Program Leaks Account Data
California Department of Public Healths Environmental Health Tracking Program Leaks Account Data of Several Thousand Employees.
The MacKeeper Security Research Center has identified a data leak that publically exposed several thousand credentials and sensitive info for employees and staff members, including emails, names and plain passwords for admin panels of CEHTP web portals. The misconfigured database was publicly available without any password protection and contained the account information of 5,325 employees.
California Department of Public Health started California Environmental Health Tracking Program to improve public health with better information. The MacKeeper Security Research Center contacted them the same day of the discovery to help secure any sensitive data before any further damage was done or any additional unwanted access. No response was given, but next day the database was secured and no longer publically accessible.
“Although no medical records were available there is a wide range of possibilities that criminals could use to exploit California Department of Public Health employee data once they have it.” - MacKeeper Security Researcher.
The real danger is that hackers or other bad actors could use the same passwords to try and gain access to sensitive data or commit fraud. In 2015 Harris Interactive and Password Boss estimated that 59% US customers also reuse the same passwords for multiple sites and accounts. This would make the chances of accessing other accounts much higher.
Attention - Portions of this article may be used for publication if properly referenced and credit is given to Kromtech Security Center.
Do you have security tips or suggestions? Contact: firstname.lastname@example.org