- Cybernews found an unsecured MongoDB instance belonging to Headero
- The database contained millions of records, including PII
- It has since been secured, but users should still remain on guard
Security researchers at Cybernews have reported discovering a massive, unsecured MongoDB instance belonging to a dating and hookup app called Headero.
The database contained more than 350,000 user records, more than three million chat records and more than one million chat room records.
Among the exposed data are names, email addresses, social login IDs, JWT tokens, profile images, device tokens, sexual preferences, STD status and, most worryingly, exact GPS locations.
There is no evidence of abuse
Cybernews contacted the app's developer, a US-based company called Thotexperiment, which immediately locked down the database. The company told the researchers that it was a test database, but Cybernews' analysis indicates that it could have held real user data.
Unfortunately, it is not known how long the database remained open, or whether any threat actor accessed it during that time. So far, there is no evidence of abuse in the wild.
Human error leading to exposed databases remains one of the most common causes of data leaks and security breaches.
Researchers constantly scan the Internet with specialized search engines and find massive databases that are not password-protected almost daily.
These leaks can put people at risk, since cybercriminals can use the information to craft highly convincing phishing attacks, through which they can deploy malware, steal confidential files and even commit wire fraud.
Headero users are advised to be especially wary when they receive unsolicited messages, whether by email or on social platforms.
They should also be careful not to download any file or click on any link in such messages, especially if the messages convey a sense of urgency. If they reuse the same password across multiple services, they should change it, and they should delete sessions and revoke tokens in the app where possible.