Misconfigured MongoDB server exposes sensitive user details from babysitting application database


The makers of Sitter, a popular app for connecting babysitters with parents, have accidentally exposed the personal details of more than 93,000 users.

The exposure occurred last week and was caused by a MongoDB database left open on the Internet without credentials.

Bob Diachenko, an independent security researcher, discovered the database. He told Bleeping Computer he found it on Aug. 14 and immediately reported the problem to the makers of the Sitter app. Diachenko said the Sitter team secured the database on the same day as the report.

The database had been indexed a day earlier, on Aug. 13, by Shodan, a search engine for Internet-connected devices.

Sensitive user details exposed on misconfigured server

The database contained various types of data, including some sensitive user information, according to two screenshots of the publicly available server that the researcher shared with Bleeping Computer.

This includes encrypted passwords for approximately 93,000 Sitter accounts, the number of children in each household, the user's home address, telephone number, the user's address book contacts, and the payment card number for part of the user's transaction.

Additional information includes past in-app chats and details about meetings, including past locations and times. Over 2GB of data was publicly available online through the leaked MongoDB server.

A Sitter spokesman did not return a request for comment for this article.

Diachenko said the Sitter team told him that they had notified affected users that their data had been exposed.

In a LinkedIn post, Diachenko wrote: "It's not clear to us how long this leak, before any other connection to the database and before Shodan indexed it, was exposed."

