Draft:UpGuard

  1. Home
  2. Wiki
  • Comment: Why are there zero links to other wikipedia pages in the body text? Did an LLM write this? pythoncoder (talk | contribs) 14:16, 5 September 2025 (UTC)


UpGuard, Inc
Company typePrivate
Industry
Founder
  • Mike Buakes
  • Alan Sharpe-Paul
Headquarters
Mountain View, California
,
United States
Websiteupguard.com

UpGuard, Inc. is a cybersecurity firm[1] founded in 2012 and headquartered in Mountain View, California.

Cybersecurity Research

[edit]

In June 2017, UpGuard discovered a publicly accessible Amazon Web Services S3 bucket, owned by a contractor for the Republican National Committee, that exposed the personal data of nearly 200 million American voters.[2]

In October 2017, UpGuard discovered a misconfigured AWS S3 bucket belonging to Alteryx, a data analytics firm. The bucket exposed data belonging to credit reporting agency Experian and the United States Census Bureau, revealing personal details of 123 million American households.[3]

In 2018, UpGuard discovered a fata leak from an Israeli company, NICE Systems. A misconfigured AWS server exposed the names, phone numbers, and account PINs of as many as 14 million Verizon customers.[4]

In October 2020, UpGuard discovered that a server managed by a third-party election vendor had publicly exposed the usernames and password for an electronic poll book system used by election officials in Lake County, Florida.[5]

In May 2021, UpGuard researchers began investigating Microsoft's Power Apps portals. They found that a default setting in the platform's API made data publicly accessible unless privacy settings were manually enabled. This misconfiguration resulted in the exposure of 38 million records across more than a thousand web applications.[6]

In September 2021, UpGuard discovered a publicly exposed cloud storage server belonging to SmarterSelect, a company that processes scholarship and grant applications. The server contained over 1.2 million files with the personal data of applicants, including names, contact information, academic records, and Social Security numbers.[7]

In February 2022, UpGuard discovered an unsecured Elasticsearch server used by ENCollect, a debt collection platform for Financial services in India and Africa. The server exposed 5.8 GB of data, containing nearly 1.7 million records. The leaked information included borrowers' personal details such as names, birth dates, account numbers, and contact information for family members and co-applicants. The dataset also contained over 100,000 phone numbers and internal notes from collection agency staff regarding loan repayments.[8]

In January 2025, TechCrunch reported that UpGuard had found a server belonging to AngelSense, a company providing Global Positioning System trackers for children and the elderly, which was left exposed without a password. The server contained the real-time location data for thousands of users and personal information such as names and phone numbers.[9]

In March 2025, UpGuard's research team uncovered a significant data privacy failure involving AI chatbots designed for fantasy and sexual role-playing. The investigation found that improper security configurations in an open source AI framework were causing the systems to broadcast user conversations onto the open web.[10]

Also in March 2025, it was reported that UpGuard had discovered a security lapse at APIsec, an API testing company. The incident involved the public exposure of a cloud storage server containing sensitive customer data, including API keys and internal credentials.[11]

In June 2025, it was reported that UpGuard had identified an unprotected database belonging to "My JedAI," an AI chatbot startup company. The misconfiguration exposed the email addreses and survey responses of more than 500 individuals who were part of the creator program for the design platform, Canva.[1]

In August 2025, UpGuard discovered that a cybercrime forum known as "Leak Zone" had exposed the IP addresses, private messages, and login credentials of its users. A misconfiguration in the forum's operations security left a server publicly exposed, revealing information that could be used to identify the forum's members.[12]

References

[edit]
  1. ^ a b "Limited Canva Creator Data Exposed Via AI Chatbot Database". 2025-06-09. Retrieved 2025-09-11.
  2. ^ "Personal details of nearly 200 million US citizens exposed". 2017-06-19. Retrieved 2025-09-11.
  3. ^ "Alteryx data breach exposed 123 million American households' information". Los Angeles Times. 2017-12-22. Retrieved 2025-09-11.
  4. ^ "Over 14 Million Verizon Customers' Data Exposed On Unprotected AWS Server". The Hacker News. 2017-07-12. Retrieved 2025-09-11.
  5. ^ Cameron, Dell (2020-10-30). "Passwords of Florida County Election Officials Temporarily Exposed". Gizmodo. Retrieved 2025-09-11.
  6. ^ Newman, Lily Hay. "38M Records Were Exposed Online—Including Contact-Tracing Info". Wired. ISSN 1059-1028. Retrieved 2025-09-11.
  7. ^ Page, Carly (2021-11-22). "US education software company exposed personal data of 1.2M students". TechCrunch. Retrieved 2025-09-11.
  8. ^ Lakshmanan, Ravie. "Thousands of Borrowers' Data Exposed from ENCollect Debt Collection Service". The Hacker News. Retrieved 2025-09-11.
  9. ^ Whittaker, Zack (2025-01-30). "Exclusive: AngelSense exposed location data and personal information of tracked users". TechCrunch. Retrieved 2025-09-11.
  10. ^ Burgess, Matt. "Sex-Fantasy Chatbots Are Leaking a Constant Stream of Explicit Messages". Wired. ISSN 1059-1028. Retrieved 2025-09-11.
  11. ^ Whittaker, Zack (2025-03-31). "Exclusive: API testing firm APIsec exposed customer data during security lapse". TechCrunch. Retrieved 2025-09-11.
  12. ^ Whittaker, Zack (2025-07-25). "Cybercrime forum Leak Zone publicly exposed its users' IP addresses". Yahoo! Finance. Retrieved 2025-09-11.