General|Mar 19, 2020

Blisk Browser Vendors Leaked Data Via Unsecured Database Server

Share on

Vendors behind the Blisk browser – a dedicated browser for web developers – inadvertently left a database unsecured that leaked data containing millions of records. Blisk is a web browser tailored for web developers keeping in view their needs. Launched in 2014, the browser’s userbase includes some prominent names as well, such as Apple, Microsoft, NASA, eBay, UNICEF, and others.

blisk.png

Blisk Vendor Data Leaked Security researchers from vpnMentor, Noam Rotem and Ran Locar, discovered another unsecured server exposing users’ data. This time, the open server belonged to the Blisk browser vendors, which leaked data related to web developers.

Detailing their findings in a post, the researchers revealed that they found an unprotected Elasticsearch database leaking data. It precisely contained 3.4GB of data that included more than 2.9 million records.

Blisk obtained this data from users without the need to bypass any security measures. The exposed information included sensitive details about users, including their email addresses, user agent details, and IP addresses. While leaving databases open is already negligent, the additional issue with Blisk was the way they collected the data. According to the researchers,

Since the browser “sees” what the user sees, it can potentially bypass encryption, 2-factor authentication, and any other measure they have in place. If the user is using software that is not heavily secured, this can lead to very serious security breaches. It appears that no matter what security measures you put in place while using Blisk, your data would still potentially be leaked.

Database Now Closed Upon finding the unprotected server, the researchers traced back the vendors and informed them of the matter. Following their report, the vendors addressed the matter in a few days pulling the database offline.

Though the researchers fear that the kind of information left online could lead to serious security threats, Blisk confirmed to ZDNet that the incident did not affect any sensitive data. Nonetheless, any Blisk user eager to know about the potential impact on oneself of the incident may contact the vendors for details.

 

Comments:


Apple-AirPods-3.jpg

New AirPods 3 are coming this fall

Apple|Aug 3, 2021
Samsung-DDR5.jpg

Samsung is developing extreme DDR5 memory technology

General|Aug 2, 2021
CyberPanel-banner.jpg

How to disable 2FA CyberPanel 2.1 2021

Tutorials|Aug 1, 2021
rick_astley.jpg

One billion rickrollings

General|Jul 31, 2021
Spotify.jpg

Spotify makes money. The artists get a tier for every 301st stream

General|Jul 30, 2021
chrome-os-google.jpg

The most important Chrome OS feature of 2021 isn't coming from Google

Google|Jul 29, 2021
Apple.jpg

iOS 15 beta 4 has been launched - better Safari in iPadOS

Apple|Jul 28, 2021
2021-07-24-image-3-j.jpg

China's new Loongson CPU is almost as fast as the first Ryzen

General|Jul 27, 2021
Apple.jpg

Are they going to do something super smart? Apple is testing the external display with the A13 chip

Apple|Jul 26, 2021
NewsTargeted.png

2000 News Articles!

General|Jul 25, 2021
Apple.png

These are the iPhone models that get one of iOS 15's best features

Apple|Jul 24, 2021
Microsoft.jpg

Newly spotted Windows 10 and 11 vulnerability lets any user have admin privileges

Microsoft|Jul 23, 2021
Android.jpg

Android 12 beta has been launched with the big news

Google|Jul 22, 2021
Magsafe.jpg

This is Apple's MagSafe extra battery - Norwegian price revealed

Apple|Jul 21, 2021
windows365.jpg

Windows in the cloud comes August 2, this is Windows 365

Microsoft|Jul 20, 2021
more