Home GDPR #Privacy: App exposes thousands of baby photos
GDPR - January 15, 2020

#Privacy: App exposes thousands of baby photos

A leaky Elasticsearch database has resulted in thousands of images and videos of babies being leaked online. 

The developer of the Peekaboo Moments app, Bithouse Inc, failed to secure a 100GB Elasticsearch database. The database had been left open accessible by anyone, and without any password protection. 

The database contained over 70 million log files dating from March 2019. The exposed data include email addresses, geographic location data, device data, and links to photos and videos. 

Dan Ehrlich, who runs the Texas-based cybersecurity startup Twelve Security, discovered the database, to which he estimates that at least 800,000 email addresses have been exposed. 

“I’ve never seen a server so blatantly open,” said Ehrlich to the Information Security Media Group (ISMG). “Everything about the server, the company’s website and the iOS/Android app was both bizarrely done and grossly insecure.”

The app allows parents to record their baby’s birth date, and track their baby’s weight and length. In addition, there is a field on the app that records location data in latitude and longitude to four decimal points, which is accurate to about 30 feet of a user’s location. 

“We completely understand how these moments [are] important to you,” said the company on the Google Play App profile page. “Data privacy and security come as our priority. Every baby’s photos, audios & videos or diaries will be stored in secured space. Only families and friends can have access to baby’s moments at your control.”

It remains unclear as to how long the Elasticsearch database was left unsecured, or who may have accessed the data. 

Repeated efforts by ISMG to contact Peakaboo Moments CEO, Jason Liu, has drawn blank. The company has also not responded to emails, and attempts to contact employees have proven unsuccessful.

The post #Privacy: App exposes thousands of baby photos appeared first on PrivSec Report.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Getting employees invested: Overcoming complacency to emphasize security

Your employees are the key to smarter security. Learn how you can re-establish company sec…