Cybersecurity researcher at Comparitech has identified a misconfigured MongoDB database containing a treasure trove of data left uncovered to the public without any password or security authentication. The exposed data belongs to FarFaria, a San Francisco, CA-based company that offers fairytales for kid’s service through Android and iOS apps.
According to Bob Diachenko, the head of security research at Comparitech, the exposed database contained 38 GB worth of data with contact information and login credentials of 2.9 million users such as email addresses, authentication tokens, encrypted passwords, number and timeline of logins, and social media tokens (if logged in from social media accounts).
After spotting the data leak on August 9th, 2021, the researcher immediately reported the incident to FarFaria. However, the firm did not respond to the researcher but secured the database the very next day.
The main concern for FarFaria users is 'targeted phishing attacks.' Cybercriminals can target users via email, text, or phone calls. Additionally, scammers can trick users to divulge additional information such as account details by posing as FarFaria employees. The leaked data contains the number of authentication tokens that could prove particularly useful to criminals looking to carry out complex phishing attacks on the users, Diachenko warned.
“There is an unimaginable measure of digital danger implied with the present more youthful age, as youngsters are progressively utilizing the web for their schooling and exercises. With 2.9 million FarFaria client records uncovered, it’s logical the data has as of now been spilled on the dim web, putting kids in more serious peril of being exploited online from a lot more youthful age than past ages,” Robert Prigge, CEO of financed personality confirmation organization Jumio Corp. told SiliconANGLE.
Earlier this year in August, Risk-Based Security published their 2021 Mid Year Data Breach QuickView Report, revealing the decline in reported data breaches by 24%. There were 1,767 publicly reported breaches in the first six months of 2021, which exposed a total of 18.8 billion records. However, the decline in data breach incidents does not mean organizations have enhanced their security system.
“Analyzing breach activity has become especially interesting and important over the past two years. While some trends remain largely untouched, new trends are emerging. The method of how attackers monetize their efforts has diversified, and at the same time, preventable errors are outpacing hackers when it comes to the amount of data exposed. The amount of data compromised remains stubbornly high and with another sizable Q2 breach yet to be confirmed, it is possible that the number will climb over 19 billion in the near future,” stated Inga Goddijn, Executive Vice President at Risk Based Security.