SoylentNews is people

posted by Fnord666 on Monday August 27 2018, @05:08AM
from the secure-your-databases dept.

Submitted via IRC for SoyCow4408

The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users.

The exposure took place last week and was caused by a MongoDB database left exposed on the Internet with no credentials.

Independent security researcher Bob Diachenko discovered the database. He told Bleeping Computer that he spotted the database on August 14, when he immediately reported the issue to the Sitter app makers. The Sitter team secured the database on the same day of the report, Diachenko said.

The database was previously indexed on Shodan, a search engine for Internet-connected devices, a day earlier, on August 13.

Source: https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/

  • (Score: 1, Offtopic) by Runaway1956 on Monday August 27 2018, @07:31AM (1 child)

    by Runaway1956 (2926) on Monday August 27 2018, @07:31AM (#726818)

    I'm not even a stalking or predatory kind of guy - but it crosses my mind that it would be nice to have vital details of hordes of nubile young females. (That presumes that most babysitters are females of childbearing age. With 93000 to choose from there are probably a bunch of damn fine looking girls!) The company needs to be held liable. It took them only a few hours to fix the problem - why didn't they examine their code for problems BEFORE outsiders found it? Why didn't they offer bounties for people who could FIND those vulnerabilities?

  • (Score: 2) by c0lo on Monday August 27 2018, @10:10AM

    by c0lo (156) on Monday August 27 2018, @10:10AM (#726837)

    You know very well the answers.
    There's no penalty for the executives and managers for private data breaches (especially in development stages) but there's a large penalty if they don't hit the on-time/on-budget targets, quarter after quarter. Minute things that defocus them will soon become out-of-sight, out-of-mind - if something nasty happens, a hypocritical apology and promises it won't happen again is all that's necessary and it's cheap.
    This is where things like GDPR help.

    No, stop speaking of 'market forces' and competition. Those things died with the notion of customers.
    Nowadays, consumers are subhuman things, with short attention spans (demanding jobs take care of that), which only need to be locked in, subjected to planned obsolescence and milked as much as possible (specifically, young mothers in this case - grin). Especially when they'll drop our product anyway when the kids no longer need babysitting.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford