Passion Data Breach

In a significant cybersecurity incident reported in June 2025, Passion.io—a platform that enables users to create their own apps without coding—was found to have left a massive trove of user data unprotected. Cybersecurity analyst affiliated with vpnMentor, discovered a database belonging to the company that was openly accessible online, with no encryption or password safeguards. Containing an estimated 12.2 terabytes of data and roughly 3.6 million records, the exposure was swiftly closed after Fowler reported it to the company.

The compromised data covered a wide range of personal and business-related information. Exposed records included users’ full names, email and mailing addresses, internal customer identification numbers, and financial transaction details such as invoices. Furthermore, proprietary course materials—like tutorial videos and downloadable PDFs intended for paying customers—were also visible. Some profile images in the dataset showed children, which raised particular concern about the sensitivity and privacy of the content made public.

Following the report, Passion.io confirmed they had taken immediate action to fix the issue. Their data protection and technical teams secured the database and investigated the root cause. However, it remains uncertain whether the exposed system was directly managed by Passion.io or a third-party service provider. Additionally, there’s no clarity on how long the data was left unprotected or whether any unauthorized parties accessed or copied it during that time.

This event underscores the importance of robust cybersecurity practices, particularly for digital platforms that store customer data and intellectual property. As cloud-based services grow more widespread, misconfigurations like this can lead to serious consequences. Experts recommend implementing strong data encryption, strict access policies, routine security reviews, and real-time monitoring to avoid similar incidents. For Passion.io, the breach is a stark warning about the high stakes of data security in today’s digital landscape.