Sunday, 9 October 2016

On 09:11 by admin   No comments
The Security Research Center at MackKeeper discovered an unprotected and poorly configured database of New Zealand-based company C&Z Tech Limited. They run cheating and dating websites such as ”haveafling.mobi, haveafling.co.nz, haveanaffair.co.nz, haveanaffair.mobi and hookupdating.mobi.”
It is unclear how the database was leaked online but the data stored in the leaked database is highly sensitive as it contains personal details of 1.5 million registered users. This includes usernames, date of birth, gender, weight and height details, race, country, IP address and most importantly plain text passwords.
The incident reminds us of massive data breaches that affected cheating sites like AdultFriendFinderAshley Madison and Fling.com.
Mac Keeper did notify the company but their reply was rather typical, simply claiming that the database was only out for few hours.
“Thanks for letting us know, the MongoDB database was only live for a few hours as we were testing migrating data from SQL to MongoDB, so most of them were just dummy data with randomly generated emails and passwords, and not our live database, we shut down the database about an hour ago, and there’re no data breach, only you guys had detected it.”
This is not the first time when a database containing such a massive private data has been found on the Internet for public access. In fact, In December last year a researcher from MacKeeper found 191 million US voter registration records due to a major security misconfiguration. The same team also found 3.3 Million Hello Kitty’s accounts, 13 Million MacKeeper accounts and Mexico’s entire voter database of 93.4 million voters due to a misconfiguration in the server.
If you have an account on such dating sites remember to use different passwords for every website you login to.
The Hackers Day Conference,  is a novel occasion  will be held in Lucknow, on the January 15th-16th, 2017. For more details : www.hackersday.org

0 comments:

Post a comment