This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Cybersecurity researcher at Comparitech has identified a misconfigured MongoDB database containing a treasure trove of data left uncovered to the public without any password or security authentication. The exposed data belongs to FarFaria, a San Francisco, CA-based company that offers fairytales for kid’s service through Android and iOS apps.
According to Bob Diachenko, the head of security research at Comparitech, the exposed database contained 38 GB worth of data with contact information and login credentials of 2.9 million users such as email addresses, authentication tokens, encrypted passwords, number and timeline of logins, and social media tokens (if logged in from social media accounts).
After spotting the data leak on August 9th, 2021, the researcher immediately reported the incident to FarFaria. However, the firm did not respond to the researcher but secured the database the very next day.
The main concern for FarFaria users is ‘targeted phishing attacks.’ Cybercriminals can target users via email, text, or phone calls. Additionally, scammers can trick users to divulge additional information such as account details by posi
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Kids Fairy Tale App Farfaria Exposed Data of 2.9 Million Users