Submitted via IRC for SoyCow4408
The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users.
The exposure took place last week and was caused by a MongoDB database left exposed on the Internet with no credentials.
Independent security researcher Bob Diachenko discovered the database. He told Bleeping Computer that he spotted the database on August 14, when he immediately reported the issue to the Sitter app makers. The Sitter team secured the database on the same day of the report, Diachenko said.
The database was previously indexed on Shodan, a search engine for Internet-connected devices, a day earlier, on August 13.
Source: https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/
(Score: 3, Interesting) by bradley13 on Monday August 27 2018, @09:38AM (3 children)
"...have involuntarily exposed the personal details of over 93,000 users"
That's a strange word to use. Involuntarily, like it happened and they could do nothing about it. How about "stupidly", "irresponsibly", or maybe "carelessly"?
This kind of stuff is just beyond belief. Not only that the database should require credentials to log in; this is presumably the backend for their web service, so the server should refuse external database connections on principle. Security kindergarden here...
Everyone is somebody else's weirdo.
(Score: 2) by c0lo on Monday August 27 2018, @10:25AM
"Involuntarily" as in "I forgot about it". Like in "you don't accuse me I voluntarily forgot, do you?"
Because they need to show this as "minor mistake, could happen to anyone".
After all, what's the penalty for private data breaches? Especially when no CC or other financial info was exposed, and especially when our ToS (which consumers agreed with) allows us to sell this data to third parties anyway.
Does any consumer have a standing if they cannot show evidence of harm?
For this matter, do you have a standing? Cause without any skin in the game, you may be liable of slander calling them 'stupid' and 'irresponsible'.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RS3 on Monday August 27 2018, @02:05PM
I think they're trying to befuddle by planting a word seed in people's minds.
The criminal prosecution will use: "negligently".
(Score: 0) by Anonymous Coward on Monday August 27 2018, @03:06PM
MongoDB should require credentials to log in, but ... from an article on medium.com: