The IT Nerd

Cybersecurity researcher Jeremiah Fowler discovered and reported to WebsitePlanet a non-password protected database belonging to the Gladney Center for Adoption a Texas-based organization providing adoption and family services.

What happened:
The database containing 1,115,061 records and totaling 2.49 GB was found accessible to anyone with an internet connection. The data includes sensitive PII of children, adoptive parents, and internal employees, along with case notes, applications, decisions related to adoption cases and more.

Why it matters:
This kind of exposure raises serious privacy concerns, as the information could be exploited to run phishing scams, commit identity theft, impersonate agency staff, and more.

You can find the full report here: https://www.websiteplanet.com/news/gladney-breach-report/

Website Planet has analyzed the true impact of Google’s AI Overviews on websites and on Google itself, and determined who’s benefiting, who’s losing out, and what it means for the future of search.Key findings:

• AI Overviews now appear on 31% of Google search pages; in our test, 39 out of 100 searches showed an AI summary.
• Informational sites saw average traffic gains of +241% (with some up 1,933%), but also the steepest drops (down to -76%).
• Google’s search revenue jumped 10% year-over-year after AI Overviews rolled out; cost-per-click rose for 87% of industries.

You can access their detailed report here: https://www.websiteplanet.com/blog/ai-summaries-website-impact-research/

Recently, cybersecurity researcher Jeremiah Fowler discovered and reported to WebsitePlanet a non-password-protected database, presumably belonging to a real estate investment and management company, containing 170,360 records with a total size of 116.24 GB.

What happened:
The database was left unsecured without encryption or password protection. A sample review revealed hotel employees’ PII, including names, physical addresses, email addresses, DOB, SSN and more.

Why it matters:
This type of data exposure significantly increases the risk of identity theft, tax or credit fraud, unauthorized access to personal financial accounts and more. 

Read the full report here: https://www.websiteplanet.com/news/incomeproperty-breach-report/

Recently, cybersecurity researcher Jeremiah Fowler discovered and reported to Website Planet about a non-password-protected database containing over 184 million credential records from a suspected InfoStealer malware breach affecting a wide range of services, applications, and accounts, including email providers, Microsoft products, Facebook, Instagram, Snapchat, Roblox, and many more.

What happened:

A publicly exposed database was found containing 184,162,718 records with a total size of 47.42 GB. The exposed data includes emails, login account names, passwords, authorization URLs, and more.

Why it matters:

This kind of breach could lead to targeted phishing attacks, identity theft or financial fraud, social engineering and more.

Read the full report here: https://www.websiteplanet.com/news/infostealer-breach-report/

Website Planet just wrapped up an fascinating study, where they explore the key reasons behind the exodus in the social media platform X, highlighting notable departures and exploring whether this shift will have lasting effects on X’s future in the social media landscape.

Key findings at a glance:

• Many high-profile users and brands have left X due to content moderation concerns and Elon Musk’s leadership.
• Ad revenue has dropped by 55% year-over-year, with a 78% decline in December 2022 alone.
• While 27.6% of major advertisers returned by early 2025, overall ad revenue remains down.
• Users are moving to platforms like Bluesky which has grown by 1,064% since October 2023, reaching 21 million users by March 2024.
• Users are not flocking to a single alternative but spreading across multiple platforms, requiring brands to adapt to a multi-platform strategy.

In conclusion, the departure of high-profile users, brands, and advertisers from X since Elon Musk’s acquisition marks a major shift in the social media landscape. Taking that into consideration, while X explores financial services and analytics to regain stability, its long-term influence remains uncertain, highlighting the evolving nature of social media and corporate platform strategies.

You can access their report here: https://www.websiteplanet.com/blog/people-and-companies-leaving-x/

A data breach involving Atrium Health, a North Carolina-based network of hospitals, clinics, and specialty centers across the Southeast was discovered and reported to Website Planet by cybersecurity researcher Jeremiah Fowler.

What happened:

A non-password-protected database containing 21,344 records with a total size of 6.99 GB was publicly exposed. The leak contains Patient PII, insurance coverage details, emergency contacts, names of medical staff, patient medical history and more.

Why it matters:

Exposing this kind of detailed medical records could potentially lead to identity theft, insurance fraud, or social engineering campaigns to obtain additional personal or financial information. Unauthorized access to a patient’s medical history could provide cybercriminals with enough information to attempt a wide range of fraudulent activities.

Read the report here: https://www.websiteplanet.com/news/atriumhealth-report-breach/

The research team at WebsitePlanet evaluated popular AI tools (ChatGPT, Google Gemini, Microsoft Copilot, and more) in their ability to detect AI-generated images and differentiating these from real digital photographs. They also included some specialized tools designed specifically to detect AI images and were surprised with the results.

Some key findings at a glance:

• AI algorithms have allowed more sophisticated tools to recognize AI-generated images with a fair amount of accuracy, but we’re yet to find a tool that can accurately differentiate AI-generated images from real digital photographs with 100% accuracy over large datasets.
• Google Gemini struggled with detecting AI-generated images in categories that typically include depictions of real people, the results of this test likely reveal Gemini’s continuing limitations in properly processing and evaluating images of people.
• ChatGPT struggled to identify Society and Lifestyle images as having been AI-generated, but the platform’s overall identification score improved from 90% to 93% with the inclusion of metadata.
• Microsoft Copilot showed similar patterns as ChatGPT, performing well for most categories. Nevertheless, even with the inclusion of metadata, Copilot was still unable to correctly identify Society and Lifestyle photos as having been AI-generated.

Considering their findings, they believe that AI detection programs need to keep pace with the growth and progression of generative AI to more accurately help organizations and individuals distinguish between authentic and AI-generated content, thus helping reduce the risks of misinformation.

You can access the report here: https://www.websiteplanet.com/blog/ai-image-detection-research/

A data breach involving Vroom by YouX an Australia-based Fintech company specializing in automotive financing, was discovered and reported to Website Planet by cybersecurity researcher Jeremiah Fowler.

What happened:
A non-password-protected Amazon S3 database containing 27,000 records was publicly exposed. The leaked files included images of driver’s licenses, Medicaid cards, bank statements including account numbers and partial credit card numbers, employment statements, and more.

Why it matters:
Exposing this kind of sensitive financial and identification data poses serious risks, including identity theft, impersonation, financial social engineering, and other forms of fraud involving identification documents or financial information.

Read their full report here: https://www.websiteplanet.com/news/vroom-report-breach/

A significant data exposure involving ESHYFT, a New Jersey-based health tech company, was recently uncovered by cybersecurity researcher Jeremiah Fowler and reported to Website Planet.

What happened:
A non-password-protected database containing over 86,000 records totaling 108.8 GB in size was exposed. The records include personally identifiable information (PII) such as scans of identification documents like driver’s licenses and social security cards, salary details, work history and more.

Why it matters:
This exposure presents serious risks, such as identity theft, employment fraud, financial fraud, or targeted phishing campaigns. These risks could impact healthcare professionals as well as the facilities that employ them.

You can find a report on this here: https://www.websiteplanet.com/news/eshyft-report-breach/

A data breach involving Lost and Found Software, a Germany-based company providing lost and found managing services for multiple airports in the US, Canada, and Europe was discovered and reported to Website Planet by cybersecurity researcher Jeremiah Fowler.

What happened:

A non-password-protected database containing 820,750 records, totaling 122 GB was exposed. The leaked data includes images of identification documents such as passports, driver’s licenses, employment documents, and more.

Why it matters:

The exposure of sensitive identification data raises serious security concerns, potentially leading to identity theft, phishing attacks, impersonation, and other forms of fraud.

Read the report here: https://www.websiteplanet.com/news/lostandfound-report-breach/