According to FarFaria, its apps are “created for children ages 2-9” meaning that the incident exposed children to cybercriminals.
Another day, another data leak incident involving misconfigured and exposed MongoDB database – This time it is FarFaria, a San Francisco, CA-based company that offers storybooks for children service through Android and iOS apps.
It all happened when Bob Diachenko, the head of security research at Comparitech, discovered a misconfigured MongoDB database containing a treasure trove of data left exposed to the public without any password or security authentication.
SEE: 47% of online MongoDB databases hacked demanding ransom
The incident took place on August 9th, 2021 but Diachenko only shared its details on September 27th. According to the researcher, the database, which belonged to FarFaria, was indexed by the BinaryEdge search engine and contained 38 GB worth of data with contact information and login credentials of 2.9 million users. This included the following:
In a blog post, Diachenko warned that,
Among the exposed details are a number of authentication tokens. These could prove particularly useful to criminals looking to carry out complex phishing attacks on the users.
It is unclear whether the database was accessed by a third party with malicious intent. On the other hand, Diachenko immediately reported the incident to
Support the originator by clicking the read the rest link below.
