- Security scientists find unprotected database that belongs to anxiety
- The company builds GPS -Preporation units for people with disabilities
- The database contained names, GPS -Data and more
A GPS tracking gear manufacturer was allegedly at risk of leaking sensitive data on the Internet, experts have warned.
CyberSecurity scientists Upguard discovered a non-passord-protected database belonging to the anxiety online, kept it active for at least a few weeks and filled it with information generated by its equipment.
The anxiety is a GPS tracking and security unit designed for people with special needs, such as children with autism or older people with dementia. It provides tracing real -time, two -way voice communication and warnings to nursing staff to ensure the safety and well -being of their loved ones.
Closure of access
Techcrunch says the company is “proclaimed by law enforcement and police departments throughout the United States”.
Unfortunately, unprotected databases are a common occurrence and one of the main causes of data leaks. In this incident, the company stored real-time updating of logs from an assignment system, including personal information about concerning customers. Names, mailing addresses, phone numbers, GPS coordinates, health information and more were postponed. In addition, the database also held technical logs about the company’s systems.
E -Mail addresses, passwords, approval tokens for access to customer accounts and partial credit card information were all stored in plaintext.
The archive has since been closed, but the researchers could not establish exactly how long the database was postponed, although the database’s list on Shodan shows that it was first spotted on January 14, although it could have been available for a long time.
It is also unknown if anyone found it before Upguard. All that a person needs is knowledge of the IP address and a browser.
“It was only when Upguard called us that the question was raised to our attention,” admittedly admitted the concern CEO, Doron Somer. “After its discovery, we immediately acted to validate the information provided to us and to alleviate the vulnerability.”
“We note that apart from Upguard, we have no information that suggests that data on the logging system was accessible. We also do not have evidence or indication that the data has been abused or threatened by abuse. “
Via Techcrunch
