blottsie quotes a report from The Daily Dot: A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank. The vulnerability — which has reportedly been fixed — was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans. The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company’s vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said “no one” in the office was aware of the problem. Vickery was able to retrieve images of various doors, locks, RFID access panels, and the controller board of an alarm system all of which could be previously accessed without a username or password. The database also contained “details on the make, model, location, warranty coverage, and even whether or not the unit was still functional,” Vickery said. What’s worse is that Automated Integration is far from the only company whose database are left exposed online. “I have a constantly fluctuating list of 50 to 100 similar breaches that need to be reported,” he said. “This one just happened to involve a security-related company and government buildings, so it got bumped to the top of my list.”
Read more of this story at Slashdot.