SoylentNews is people

posted by Fnord666 on Monday August 27 2018, @05:08AM
from the secure-your-databases dept.

Submitted via IRC for SoyCow4408

The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users.

The exposure took place last week and was caused by a MongoDB database left exposed on the Internet with no credentials.

Independent security researcher Bob Diachenko discovered the database. He told Bleeping Computer that he spotted the database on August 14, when he immediately reported the issue to the Sitter app makers. The Sitter team secured the database on the same day of the report, Diachenko said.

The database was previously indexed on Shodan, a search engine for Internet-connected devices, a day earlier, on August 13.

Source: https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/


  • (Score: 1, Insightful) by Anonymous Coward on Monday August 27 2018, @06:13AM (#726809)

    Incompetent owner causes [...] !
    FTFY

    What fucking imbeciles. Everybody involved should receive a 5-year block for working with private data.

    Remember: it's not just the admin's fault. There's also a project manager who demanded impossible schedules, and a business superior who a) went along with enforcing that schedule and b) failed to implement a safeguard against human error on the admin's part.

    People are not perfect, and shit always happens. It is an abject failure to not plan for those facts.

  • (Score: 0) by Anonymous Coward on Monday August 27 2018, @06:31AM (#726812)

    "MongoDB only pawn in game of life."

    And most likely there was a "back" door to the Archdioceses of Pennsylvania, and Natalie Portman all dressed up much younger looking and trying to warn the Cardinal that his life was in danger.

    Oh, if only life followed movie plots!

  • (Score: 0) by Anonymous Coward on Monday August 27 2018, @02:55PM (#726922)

    MongoDB has authentication disabled by default. It makes setting it up & configuring it easier (or so the story goes). Of course most intelligent people think it's a horrible idea, but at least MongoDB is web scale, and has sharding [youtube.com].