- Cybernews found an unprotected MongoDB instance that belonged to Headero
- The database contained millions of records and PII
- It has since been locked down but users still need to be on their guard
Security researchers from Cybernews have reportedly uncovered a massive MongoDB instance that belongs to a dating and connection app called Headero.
The database contained more than 350,000 user records, more than three million chat records and more than one million chat room records.
Among the exposed data are names, email addresses, social login IDs, JWT tokens, profile images, device tokens, sexual preferences, STD status and, extra worryingly, precise GPS locations.
No evidence of abuse
Cybernews reached out to the app’s developers, a US-based company named ThotExperiment, which immediately locked down the database. The company told the researchers it was a test database, but Cybernews’ analysis indicates that it could have been actual user data instead.
Unfortunately, we do not know how long the database remained open or whether any threat actors gained access to it in the past. So far, there is no evidence of abuse in the wild.
Human error leading to exposed databases is still one of the most common causes of data leaks and security breaches.
Researchers constantly scan the Internet with specialized search engines and find massive non-password-protected databases almost daily.
These leaks can put people at risk, as cybercriminals can use the information to tailor very convincing phishing attacks through which they can deploy malware, steal sensitive files and even commit wire fraud.
Headero users are advised to be extra vigilant when receiving unsolicited messages, both via email and social platforms.
They should also be careful not to download any files or click links in such messages, especially if the messages carry a sense of urgency. If they use the same password across multiple services, they need to change it and manage sessions and revoke tokens in apps where possible.



