Submitted via IRC for SoyCow4408
The makers of Sitter, a popular app for connecting babysitters with parents, have involuntarily exposed the personal details of over 93,000 users.
The exposure took place last week and was caused by a MongoDB database left exposed on the Internet with no credentials.
Independent security researcher Bob Diachenko discovered the database. He told Bleeping Computer that he spotted the database on August 14, when he immediately reported the issue to the Sitter app makers. The Sitter team secured the database on the same day of the report, Diachenko said.
The database was previously indexed on Shodan, a search engine for Internet-connected devices, a day earlier, on August 13.
Source: https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/
(Score: 0) by Anonymous Coward on Monday August 27 2018, @03:06PM
MongoDB should require credentials to log in, but ... from an article on medium.com: