this post was submitted on 21 Feb 2026
48 points (100.0% liked)

Australia

4867 readers
117 users here now

A place to discuss Australia and important Australian issues.

Before you post:

If you're posting anything related to:

If you're posting Australian News (not opinion or discussion pieces) post it to Australian News

Rules

This community is run under the rules of aussie.zone. In addition to those rules:

Banner Photo

Congratulations to @Tau@aussie.zone who had the most upvoted submission to our banner photo competition

Recommended and Related Communities

Be sure to check out and subscribe to our related communities on aussie.zone:

Plus other communities for sport and major cities.

https://aussie.zone/communities

Moderation

Since Kbin doesn't show Lemmy Moderators, I'll list them here. Also note that Kbin does not distinguish moderator comments.

Additionally, we have our instance admins: @lodion@aussie.zone and @Nath@aussie.zone

founded 2 years ago
MODERATORS
lodion@aussie.zone
bestusername@aussie.zone
eatham@aussie.zone
Nath@aussie.zone
48
12M Aussies personal data leaked - and 1 Billion worldwide (cybernews.com)
submitted 6 days ago by No1@aussie.zone to c/australia@aussie.zone
13 comments fedilink hide all child comments
 
  • Full names
  • Addresses
  • Post codes
  • Dates of birth
  • National IDs
  • Phone numbers *Genders
  • Email addresses
  • Telco metadata
  • Breach status and social profile annotations

Good luck everyone.

you are viewing a single comment's thread
view the rest of the comments
[–] FreedomAdvocate@lemmy.net.au 1 points 6 days ago (1 children)

Misleading. Some researchers found an unsecured database, contacted the owners, and they secured it. There is no evidence of the data actually being leaked.

[–] sys110x@aussie.zone 7 points 6 days ago (1 children)

It's not misleading. A database of personally identifiable information being exposed on the internet is a data leak. Personally identifiable information is legally required to be protected, while an exposed database on the internet is about as far from 'protected' as you can get.

The article and title make no claim to active selling or known exploitation of the data, but to write this off as nothing would be a mistake. Are you sure that only the Cybernews team found it?

The Cybernews team discovered the exposed MongoDB instance on November 11th, 2025 and immediately notified IDMerit. The company secured the database by November 12th.

We don't know how long it was exposed for prior to it being discovered on the 11th - it might've been that day, it might've been a few months.

[–] FreedomAdvocate@lemmy.net.au 0 points 3 days ago* (last edited 3 days ago) (1 children)

It is misleading to say it was leaked because there’s no evidence that anyone saw it.

If no ones data was stolen, was there a leak?

It was unsecured, but it was not leaked unless someone accessed it. To try and pretend that there’s no difference is pure idiocy.

[–] sys110x@aussie.zone 0 points 3 days ago (1 children)

If your house plumbing is leaking, its not a leak to you unless you see it? How do you know it hasn't been accessed?

Thankfully we don't need to rely on your definition of a data leak: https://www.fortinet.com/resources/cyberglossary/data-leak

A data leak happens when an internal party or source exposes sensitive data, usually unintentionally or by accident.

This is sensitive data that's accidentally been exposed on the internet. That is a leak. You are misinformed on what a data leak is.

[–] FreedomAdvocate@lemmy.net.au 0 points 3 days ago* (last edited 3 days ago) (1 children)

Great analogy, but not for the point you’re trying to make.

If your house plumbing is leaking there is water going out where it shouldn’t be. You’re saying it’s a leak just because there’s a tap out near the footpath that could be turned on by someone to use your water, even if not a single drop of water has ever come out of it.

With an unsecured server the data isn’t going where it shouldn’t be unless someone takes it. Without evidence of someone taking it, nothing was leaked.

[–] sys110x@aussie.zone 0 points 3 days ago (1 children)

If your house plumbing is leaking there is water going out where it shouldn’t be.

Yes. Correct. Personally Identifiable Information openly exposed on the internet is information going out where it shouldn't be.

If your house is leaking, whether there's someone out there with a cup doesn't change whether your house is leaking or not. It only changes whether someone took your water ie. a breach

Data leak and data breach have specific definitions:

Data Leak vs Data Breach: What Is the Difference? While many use the terms "data leak" and "data breach" interchangeably, there is a difference between the two. A data leak often comes from within the organization either by accident or intent, while a data breach occurs when confidential or otherwise protected information is accessed, stolen, or used by outsiders without authorization. https://www.fortinet.com/resources/cyberglossary/data-leak

https://www.microsoft.com/en-us/security/business/security-101/what-is-a-data-leak

https://www.oaic.gov.au/privacy/your-privacy-rights/data-breaches/what-is-a-data-breach

https://www.ibm.com/think/topics/data-leakage

https://www.trendmicro.com/en/what-is/data-breach/data-leak.html

This is a data leak. We don't know yet if it's a data breach. We might not know until active exploitation.

Given the lack of control on this data, and that it wasn't fixed until the researchers told them about it, do you trust IDMerit to have the scrutiny on their logging to know if it was accessed externally? I don't.

[–] FreedomAdvocate@lemmy.net.au 0 points 3 days ago

It’s not going out unless someone requests it though. Data from a database on an unsecured server doesn’t just find its way onto the Internet or hackers computers - they need to take it.

This is why I said it’s misleading. There’s no evidence of anything being taken. It was there for the taking, but if it wasn’t taken then no one’s details were compromised.