HQ/EMEAFind out how we can help your business
A severe data loss exposed the personal information of nearly 3.6 million Passion.io developers, influencers, and businesses.
Reports revealed that the researchers blamed the hack on an insecure database tied to an app-building platform, which reportedly contained over 12 terabytes of sensitive data.
The database, which lacked encryption and password protection, held approximately 3,637,107 records. These records contained user and app authors’ names, email addresses, physical addresses, and payment information.
Internal file names and metadata revealed that the data belonged to Passion.io, a business based in Texas and Delaware.
Passion.io is a well-known app that holds information about various individuals.
Passion.io is a no-code platform that enables creators, trainers, and public figures to create mobile apps without requiring coding knowledge.
These apps allow users to create interactive courses and monetise them with subscriptions or one-time charges. The hacked data included a wide range of personally identifiable information (PII), raising serious concerns about its misuse.
Cybersecurity experts warned that the exposed data might be used for phishing or social engineering attacks, which are common tactics used by cybercriminals to obtain further personal or financial information.
Exposed email addresses and transaction history may enable the impersonation of reputable brands or services.
The hack also revealed user profile photographs, particularly those of youngsters, raising concerns about privacy and online safety.
Security experts warned that such seemingly innocent pictures might be used for impersonation, identity theft, or other unethical activities.
In addition to personal information, the database contained video content, PDF files (presumably premium content developed and sold through the platform), and internal financial papers.
The publication of this material could negatively impact the creators’ revenue and provide competitors with crucial business information.
When the security researcher discovered the problem, he promptly notified Passion.io. The corporation responded the same day, barring public access to the database.
The company recognises the occurrence and has stated that its privacy officer and technical team are working hard to rectify the problem and install safeguards to prevent repeat incidents.
