Cybersecurity researcher at Comparitech has identified a misconfigured MongoDB database containing a treasure trove of data left uncovered to the public without any password or security authentication. The exposed data belongs to FarFaria, a San Francisco, CA-based company that offers fairytales for kid’s service through Android and iOS apps. According to Bob Diachenko, the head of security research at Comparitech, the exposed database contained 38 GB worth of data with contact information and login credentials of 2.9 million users such as email addresses, authentication tokens, encrypted passwords, number and timeline of logins, and social media tokens (if logged in from social media accounts).After spotting the data leak on August 9th, 2021, the researcher immediately reported the incident to FarFaria. However, the firm did not respond to the researcher but secured the database the very next day.The main concern for FarFaria users is 'targeted phishing attacks.' Cybercriminals can target users via email, text, or phone calls. Additionally, scammers can trick users to divulge additional information such as account details by posing as FarFaria employees. The leaked data contains the number of authentication tokens that could prove particularly useful to criminals looking to carry out complex phishing attacks on the users, Diachenko warned. “There is an unimaginable measure of digital danger implied with the present more youthful age, as youngsters are progressively utilizing the web for their schooling and exercises. With 2.9 million FarFaria client records uncovered, it’s logical the data has as of now been spilled on the dim web, putting kids in more serious peril of being exploited online from a lo ..
Support the originator by clicking the read the rest link below.
