As a security analyst, it’s frankly alarming that in 2025, we’re *still* seeing data breaches caused by companies failing to encrypt their databases. These incidents aren’t just headlines; they genuinely worry those of us working to protect data every day.
The latest data breach involves Netcore Cloud Pvt. Ltd., a Mumbai-based company. Netcore describes itself as a provider of AI-powered customer experience solutions and states that over 6,500 businesses worldwide rely on its services, indicating it’s a significant player in the industry.
Cybersecurity researcher Jeremiah Fowler found a database containing approximately 40 billion records – totaling around 13 terabytes of data – and alerted Website Planet to the discovery. The database was not secured with encryption.
The database held around 40 billion records, including a large number of email addresses and message details. It also contained sensitive information from banking and healthcare notifications, such as partial account numbers and other private details that shouldn’t be made public. According to Fowler, he found many records within the database that were clearly marked as confidential.
I saw numerous records marked as confidential — all exposed, all unencrypted.
— Security researcher Anurag Sen, after discovering 13TB of marketing data left wide open.
According to Fowler, the database wasn’t secured with passwords or encryption, so anyone who found it – or learned about it – could easily see all the information inside.
When Fowler found the security mistake, he reached out to Netcore because the exposed information seemed to be linked to them. He reports that access to the open database was blocked the same day he alerted them to the issue.
We still don’t know if Netcore directly handled the database or hired another company to do it. Also, Fowler doesn’t know how long the unprotected data was online, or if anyone viewed it before he alerted Netcore.
Bad actors can do a lot of damage with only a few emails
As a researcher in this field, I’m often amazed by the cleverness involved in creating hacking and phishing attacks. What’s truly concerning is how little information criminals need to launch a new scam. It doesn’t take much to get them started, which makes these attacks so prevalent.
According to Fowler’s report, criminals can use just an email address and some basic information to build a profile of someone, making them more vulnerable to phishing scams.
In my research, I’ve found that scammers often target individuals by exploiting their existing relationships with companies. For example, if a scammer knows your email address and that you receive communications from a telecom provider, they can craft a very convincing, official-looking email requesting sensitive information – pretending it’s part of your regular business with that company.
Information you freely share with what seems like a trustworthy source can be used to build a detailed profile about you. Over time, this could lead to risks like manipulation, unauthorized access to your accounts, or even complete account control by someone else.
Fowler emphasizes he isn’t suggesting the Netcore data breach caused any criminal activity, but is simply offering possible scenarios as examples for learning.
Add it to the pile of major data breaches in 2025
The large amount of sensitive data discovered by Fowler – totaling 13 terabytes – is sadly another worrying cybersecurity incident in 2025.
Earlier this month, Discord experienced a significant data breach affecting 70,000 users, with hackers leaking ID photos and personal information. The hackers initially asked for a $5 million ransom, later lowering it to $3.5 million, but Discord declined to pay.
In September, Plex experienced a data breach where user emails and passwords were exposed. As a result, Plex advised all users to update their passwords.
I recently learned about a massive data breach – reportedly the largest ever. It happened in June, and it exposed the usernames, passwords, and other login details for a staggering 16 billion accounts. This included credentials for major platforms like Facebook, Google, and Apple.
This wasn’t a breach. It was a billboard.
A company that specializes in building trust accidentally exposed the personal information of 40 billion people, including their names, email addresses, and details about the devices they use.
In April, a data leak at X, formerly Twitter, exposed the user IDs of 2.8 billion people. The hackers said they tried to notify X about the breach, but after being ignored, they made the data public.
How can you prevent your personal data from becoming public? Sadly, once a company has your information, there’s not much you can do except trust that their security is strong enough to protect it.
Be careful about phishing emails. Avoid clicking on links from unknown senders, and always double-check the sender’s email address to make sure it looks legitimate. Also, stick to secure websites and keep your computer’s software updated.
To stay safe online, create strong, unique passwords – a password manager can help with this. Change your passwords regularly, and whenever possible, enable multi-factor authentication for an extra layer of security, even if your password is compromised.
Stay up-to-date with the latest from Windows Central by following us on Google News! You’ll get all our news, insights, and features right in your feed.
Read More
- Best Season 10 PvE Build in New World: Aeternum
- Gold Rate Forecast
- BTC PREDICTION. BTC cryptocurrency
- The 10 Most Powerful Marvel Zombies Characters in Comics, Ranked
- Why Chishiya’s Alice In Borderland Season 3 Role Was Greatly Reduced
- Once Upon a Katamari Brings the Series Back with a Brand New Game on PS5
- Taylor Swift’s Life of a Showgirl Songs Inspired by Travis Kelce
- Beloved Fall Movie Returns to Streaming As Sequel Production Wraps (And You Can Watch It Free)
- Crypto Chaos: When Tiny Tokens Try to Outshine Bitcoin-Will They or Won’t They? 🤡💸
- Battlefield 6 Campaign Gameplay Features Extensive Destruction and Bad Company 2 Vibes
2025-10-17 18:13