PPSFamily.com - Professional Probation Services
"At PPS, we understand the ongoing concern with privatization of probation. That is why our standards are second to none. We require a bachelor's degree and 20 hours of training each year for our probation officers, and our Department of Compliance works with each of our local field offices to ensure the ethical and appropriate enforcement of the conditions of probation. We are fully bonded and insured, and our contracts may each be terminated at any time, without cause.

We operate six-day, full-time offices with case transfer capabilities to more than sixty (60) locations nationwide. PPS companies offer 100% offender-funded models, as well as government supplemented or fully-funded programs. We can design a funding model that fits your community's specific needs." (from PPSFamily.com website)

During the morning of October 28th, while looking at some of my feeds, I noticed a server with a couple of database backups and a compressed archive exposed, so I went to check what they contained.

One of the files contained logs for their web apps.

The other 3 were all backups from the same source on different dates.

The database backup contained the tables:

The biggest table was Notes, with almost 20 million entries. Some examples, with the PII stripped from them:

"Good afternoon. You arrested my 5 month high risk pregnant daughter for not being able to come an hour and half away to take a drug screen 2 days after she told you in person that she has no license or car to come the 60 mile drive from loganville to your office. She has asked you more than once to transfer it to one of the 7 offices less than 10 minutes from her house and you wont. 20230307 144312"

"PC FROM DEF 1028 AM AND HE WAS TALKING CRAZY AND SAID THE FBI AND NAVY WAS STALKING HIM AND HE WAS STABBED LAST NIGHT AND HAS THIRTEEN STITCHES AND CAN NOT WORK FOR TWO WEEKS DEF ALSO SAID THE FBI WAS USING INVISIBILITY CLOAKS AND STALKING HIM AND ALSO USUING MOUTHPIECES TO SPY ON HIM CALLED JERI AT THE COURTHOUSE TO LET HER LISTEN TO THIS ALSO TOLD DEF TO REPORT TO COURT 101420 TO TELL THE JUDGE ALL OF THIS DEF DEFINELY NEEDS A MENTAL EVAL LC20201012 103049"

The most interesting table was Probationers, with 467383 entries. The fields listed were:

Some stats on it:

388685 SSN entries, 330988 unique

222998 email addresses, 195936 unique

The top 10 email domains:

Full list: https://pastebin.com/V5pExVVS

The user table contained 987 users, with the fields:

The top 10 email domains:

The full email domain list of the users: https://pastebin.com/ShX9Eu7P

Now, this file contained inside a backup of their website and configuration files, with a lot of hard coded credentials. I don't know if any of the credentials were valid; I do not test any credentials when I find them.

Some of the services that had credentials leaked:

This also contained various endpoints to query data, and I tried one and I could iterate through the appointments without authentication.

With the data exposed here, I went to PPSFamily website and checked their Management page and matched most of them to a company email and sent a notification the same morning I found this, October 28th.

Around 56 hours after my email I saw the backups weren't accessible anymore; shortly after, I saw the endpoint that was exposed and I could iterate through now gave me an error connecting.

I waited until October 31st for any contact, but since the company never reached out I emailed everyone again asking what was their intention regarding the disclosure of this incident, because I would prefer to make my post only after they disclose it, if that was their intention.

The day after I sent the 2nd email I opened their website while writing about this and noticed they removed their Management and Our Companies tabs from their website.

Not sure what's the plan here. Internet Archive and similar services exist.

This is something only PPSFamily can answer. I can confirm this was exposed at least from September 3rd to October 28th, but I don't know exactly how long or who else found this data.

PPSFamily motto-like phrase on their Ethics page:

"A corporate culture of knowing right from wrong and doing right every time."

Apparently the right thing to do here was ignoring the person who warned them about this and hide all the management and their companies contacts.

Time and time again this is what I get: I notify the companies, I get ignored, suddenly CEOs etc. erase any connections to the company on their social media accounts, and the public disclosure never comes.

Hopefully PPSFamily will know right from wrong when it comes to deciding if they should notify the people affected by them exposing their data publicly.

At the time of publishing this I have yet to receive any form of communication from PPSFamily.
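
For defenders reviewing their own web logs after an exposure like the iterable appointments endpoint described above, the following is an added example (not code from the original post or from PPSFamily) that flags clients reading consecutive object IDs with successful responses and no authenticated session. The log format, the /api/appointments/ path, the addresses and the session field are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log format: <client ip> <session id or "-"> "GET <path>" <status>
LINE = re.compile(r'^(?P<ip>\S+) (?P<session>\S+) "GET (?P<path>\S+)" (?P<status>\d{3})$')
ID_PATH = re.compile(r'^(?P<prefix>/.+/)(?P<id>\d+)$')

def longest_run(ids):
    """Length of the longest run of consecutive integers among the given ids."""
    ids = set(ids)
    best = 0
    for i in ids:
        if i - 1 not in ids:              # i is the start of a run
            n = 1
            while i + n in ids:
                n += 1
            best = max(best, n)
    return best

def find_enumeration(log_text, min_run=5):
    """Report clients that were served >= min_run consecutive object IDs from
    one endpoint with HTTP 200 and no authenticated session."""
    seen = defaultdict(set)               # (ip, endpoint prefix) -> ids served
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["status"] != "200" or m["session"] != "-":
            continue                      # denied or authenticated requests are not the signal
        p = ID_PATH.match(m["path"])
        if p:
            seen[(m["ip"], p["prefix"])].add(int(p["id"]))
    findings = []
    for (ip, prefix), ids in sorted(seen.items()):
        run = longest_run(ids)
        if run >= min_run:
            findings.append({"ip": ip, "endpoint": prefix, "run": run, "objects": len(ids)})
    return findings

# Constructed sample input; the path and all addresses are hypothetical.
SAMPLE_LOG = "\n".join(
    [f'198.51.100.7 - "GET /api/appointments/{i}" 200' for i in range(1001, 1007)]
    + [f'203.0.113.20 sess-9f2 "GET /api/appointments/{i}" 200' for i in range(2001, 2006)]
    + [f'192.0.2.44 - "GET /api/appointments/{i}" 401' for i in range(3001, 3006)]
    + ['192.0.2.50 - "GET /api/appointments/10" 200',
       '192.0.2.50 - "GET /api/appointments/500" 200']
)

if __name__ == "__main__":
    for finding in find_enumeration(SAMPLE_LOG):
        print(finding)
```

Any 200 response on a per-record endpoint with no session is already a finding on its own; the run length only helps estimate how many records a given client may have walked through.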