Family Locator app database with real-time location data was left unsecured online
The database of the ‘family tracker’ app Family Locator, which has more than 238,000 users, was left online unencrypted and unsecured. Anyone who knew where to look could view personal information, passwords, profile pictures and real-time location data.
The MongoDB database contained names, email addresses, profile pictures, plaintext passwords, precise real-time location data, and geofences such as “school” and “home” including coordinates. According to security researcher Sanyam Jain, who approached TechCrunch with the problem, the iOS app’s database had been exposed for “weeks.”
TechCrunch verified the database by creating a dummy account of its own, which promptly appeared among all other users’ records. In addition, the site contacted a user in Florida, who confirmed that the data in the database belonged to him and his child.
TechCrunch was unable to get in touch with the maker of the app, the Australian company React Apps. The options for contacting the developer are limited, and React Apps is unresponsive. Finally, TechCrunch contacted Microsoft, which hosts the database on its Azure service. A few hours later, the entire database went offline.