Clarity.fm, an entrepreneurial and networking app, was storing a large database of sensitive data unsecured on the internet, making it accessible to anyone who looked.
The database was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to its owners, who secured it a few days later.
Reports say Website PlanetThe trove of records Fowler found included 155,531 records, including 121,000 Clarity.fm member profiles. Because the company is a platform that connects entrepreneurs with experts to provide on-demand advice and consulting sessions, its members typically include CEOs, company founders, entrepreneurs, and other high-value individuals.
Important details are missing
Member profiles contained a lot of sensitive information, including both personal and work email addresses, hourly wages, payments for past consulting sessions, and internal assessment scores based on user feedback. The records were labeled as production data and listed the members as either members, leaders, or mentors.
Fowler said he never had a chance to speak with a Clarity representative, only receiving an automated response, so he couldn’t confirm how long the database was exposed or whether anyone accessed it during that time. We’ve reached out to Clarity with further questions and will update this article if we hear back from them.
It’s also unclear whether Clarity notified affected people about the breach or whether it offered them identity theft protection or credit monitoring services.
The company was founded over 10 years ago in 2012 and claims to have over 30,000 certified experts from around the world offering advice to its users.
Insecure databases stored in the cloud are thought to be one of the biggest causes of data breaches. Earlier this year, Fowler discovered that a large database at Zenlayer, one of the world’s leading network service providers, was storing highly sensitive internal and customer information.
