Major Data Breach Exposing Millions of Records from App Development Platform

n a significant cybersecurity lapse revealed in June 2025, Passion.io—a platform that enables creators and entrepreneurs to build apps without coding—was found to have left a massive trove of user data exposed online. Security researcher working with vpnMentor, discovered the misconfigured database, which contained approximately 12.2 terabytes of unprotected information. The data, which included around 3.6 million records, was accessible to anyone without the need for a password or encryption. After being notified, Passion.io acted quickly to close the vulnerability.

The exposed records contained a wide array of private information. Among the data were names, email addresses, physical addresses, customer account details, billing and invoice records, and media files. Particularly concerning was the inclusion of creator-uploaded videos, educational PDFs, and personal profile photos—some featuring children. The nature and volume of the leaked data significantly increased the risk of exploitation through phishing scams, identity theft, and intellectual property misuse.

Passion.io acknowledged the issue and confirmed that its privacy and technical teams had addressed the problem. Despite this, several uncertainties remain. It’s not yet clear whether the exposed server was under Passion.io’s direct control or managed by a third-party provider. In addition, there’s no confirmed timeline on how long the database was publicly accessible or whether any unauthorized parties downloaded or misused the data during the exposure.

This incident highlights how easily cloud-based systems can become security liabilities if not properly configured. It illustrates the critical need for stringent cybersecurity practices such as encrypting stored data, enforcing strict access permissions, implementing multi-factor authentication, and conducting frequent audits. For digital platforms that handle sensitive user data, the Passion.io breach is a powerful reminder of the importance of proactive and responsible data management.