Submitted via IRC for SoyCow4408
The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users.
The exposure took place last week and was caused by a MongoDB database left exposed on the Internet with no credentials.
Independent security researcher Bob Diachenko discovered the database. He told Bleeping Computer that he spotted the database on August 14, when he immediately reported the issue to the Sitter app makers. The Sitter team secured the database on the same day of the report, Diachenko said.
The database was previously indexed on Shodan, a search engine for Internet-connected devices, a day earlier, on August 13.
Source: https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/
(Score: 1, Insightful) by Anonymous Coward on Monday August 27 2018, @06:13AM (2 children)
Incompetent owner causes [...] !
FTFY
What fucking imbeciles. Everybody involved should receive a 5-year block for working with private data.
Remember: it's not just the admin's fault. There's also a project manager who demanded impossible schedules, and a business superior who a) went along with enforcing that schedule and b) failed to implement a safeguard against human error on the admin's part.
People are not perfect, and shit always happens. It is an abject failure to not plan for those facts.
(Score: 0) by Anonymous Coward on Monday August 27 2018, @06:31AM
"MongoDB only pawn in game of life."
And most likely there was a "back" door to the Archdiosescies of Pennsylvania, and Natalie Portman all dressed up much younger looking and trying to warn the Cardinal that his life was in danger.
Oh, if only life followed movie plots!
(Score: 0) by Anonymous Coward on Monday August 27 2018, @02:55PM
MongoDB has authentication disabled by default. It's makes setting it up & configuring it easier (or so the story goes). Of course most intelligent people think it's a horrible idea, but at least MongoDB is web scale, and has sharding [youtube.com].