Thousands of medical injury claim records exposed by ad agency

An internet advertising company specializing in helping law firms sign up potential clients has exposed close to 150,000 records from a database that was left unsecured.

The database contained submissions as part of a lead-generation effort by X Social Media, a Florida-based ad firm that largely uses Facebook to advertise various campaigns for its law firm customers. Law firms pay the ad company to set up individual websites that aim to sign up victims from specific categories of harm and injuries — from medical implants, malpractice, sexual abuse and more — who submit their information in the hope of receiving legal relief.

But the database was left unprotected and without a password, allowing anyone to look inside.

Security researchers Noam Rotem and Ran Locar found the database and reported it to the company, which pulled the database offline. The researchers also shared their discovery exclusively with TechCrunch and posted their findings on vpnMentor.

The database contained names, addresses, phone numbers, the date and time of a person’s submission and the circumstances and explanation of their accident, injury or illness. Often this included personal health information, sensitive medical information, details of procedures or the consumption of certain medications or specifics of traumatic events.

Several records seen by TechCrunch include records from campaigns targeting combat veterans who were injured on duty. Other campaigns sought to sign up those who suffered illnesses from pesticides or medications.

Other campaigns included soliciting claims for sexual abuse. We found several names, postal and email addresses and phone numbers of victims, many of which also described their sexual abuse as part of filling out the website form.

One of the records in the database. (Image: supplied)

The researchers said the exposed data could be “easily traced” back to the individuals who filled out the website forms.… Read the rest

Apollo raises $22M for its GraphQL platform

Apollo, a San Francisco-based startup that provides a number of developer and operator tools and services around the GraphQL query language, today announced that it has raised a $22 million growth funding round co-led by Andreessen Horowitz and Matrix Partners. Existing investors Trinity Ventures and Webb Investment Network also participated in this round.

Today, Apollo is probably the biggest player in the GraphQL ecosystem. At its core, the company’s services allow businesses to use the Facebook -incubated GraphQL technology to shield their developers from the patchwork of legacy APIs and databases as they look to modernize their technology stacks. The team argues that while REST APIs that talked directly to other services and databases still made sense a few years ago, it doesn’t anymore now that the number of API endpoints keeps increasing rapidly.

Apollo replaces this with what it calls the Data Graph. “There is basically a missing piece where we think about how people build apps today, which is the piece that connects the billions of devices out there,” Apollo co-founder and CEO Geoff Schmidt told me. “You probably don’t just have one app anymore, you probably have three, for the web, iOS and Android . Or maybe six. And if you’re a two-sided marketplace you’ve got one for buyers, one for sellers and another for your ops team.”

Managing the interfaces between all of these apps quickly becomes complicated and means you have to write a lot of custom code for every new feature. The promise of the Data Graph is that developers can use GraphQL to query the data in the graph and move on, all without having to write the boilerplate code that typically slows them down. At the same time, the ops teams can use the Graph to enforce access policies and … Read the rest