Database Family Locator app with real-time location data was online unsecured

Spread the love

The database of ‘family tracker app’ Family Locator with more than 238,000 users was online unencrypted and unsecured. Those who knew where to look could look up personal information, passwords, profile pictures and real-time location data.

The MongoDB database contained names, email addresses, profile pictures, plaintext passwords, precise real-time location data, and geofences such as “school” and “home” including coordinates. According to security researcher Sanyam Jain, who approached TechCrunch with the problem, the iOS app’s database had been exposed for “weeks.”

TechCrunch verified the database by creating a dummy account of its own, which promptly appeared among all other users’ records. In addition, the site contacted a user in Florida, who confirmed that the data in the database belonged to him and his child.

TechCrunch was unable to get in touch with the maker of the app, the Australian React Apps. The options to contact the developer are limited and React Apps is unresponsive. Finally, TechCrunch contacted Microsoft, which hosts the database on its Azure service. A few hours later, the entire database went offline.

You might also like
Exit mobile version