CloudSEK reports: CloudSEK has discovered�a data leak that contains sensitive info of 12,472 blood donors registered on�http://www.indianblooddonors.com/index.php. Indian Blood Donors is an organization that maintains a release database of lineage donors. They also make an app, which matches recipients with the nearest donor, based on lineage type. discovery of the leak a CloudSEK researcher discovered posts on 2 forums advertising a database of Indian blood donors registered on�http://www.indianblooddonors.com/index.php. The posts claimed that the database, which contains donors Personally Identifiable information (PII),�blood type, and�passwords in field text, was available for free. So, we were able to obtain the complete database at no cost to validate its contents. register more on CloudSEK. An online indian bloodbank leaking bestower info that winds up being given away on forums frequented by hackers and criminals? Shocking! oh wait, it’s not shocking. It’s happened before. in 2019, I reported on another onlinebloodbank that wouldn’t answer to notifications. I was therefore not surprised when eventually their data showed up on an online forum for sharing and selling databases. Has their data actually been misused by criminals? I fare not not know, but i would not live surprised if it had been at least misused for spam purposes. But i also noticed that like my get with the first online bloodbank, it appears that IndianBloodDonors.com also failed to respond to notifications while leaving donors at risk. As CloudSEK reports, the passwords are not hashed, “meaning anybody canful log into a donors account, on the indian Blood Donors website or app, and neuter their details or number on their behalf.” And as importantly, since multitude tend to reuse passwords, the credentials obtained from this database can be used for attacks on other sites. i cognize that there are people in India working on getting better data protection for personal and health information. I also know that this seems to be a widespread problem in India, as I replied to Sai Krishna Kothapalli, who wrote, How screwed is Indian healthcare data? It’s very screwed. Very, very, very, very, VERY screwed from a data protection perspective. As is other Indian personal data. Would it live appropriate to say that “thoughts and prayers” are with those trying to get entities in india to lock down their data and to answer when whitehats try to notify them of problems?