Saudi Caller ID App Dalil Left 5 Million Customer Records Exposed In Unsecured MongoDB


Another mobile app joins the trail of data leaks caused by an unprotected server. Despite repeated incidents of data breaches and accidental exposures, it seems that service providers still pay no heed to cybersecurity. This time, the Saudi caller ID app Dalil is in the limelight. It allegedly left 5 million records exposed in an unsecured MongoDB server.

Caller ID App Dalil Exposed 5M Records

Researchers found an unsecured MongoDB server that publicly exposed millions of records. As reported by ZDNet, the unsecured server linked back to the Saudi caller ID app Dalil. The exposed records included explicit personal data and activity logs of Dalil app users.

Allegedly, two researchers, Noam Rotem and Ran Locar, found a MongoDB database without a password. Thus, the server left more than 5 million records vulnerable. What’s worse, the app continued to log new data in the same open MongoDB without paying attention to its security. As revealed by Ran Locar in his tweet,

The exposed data allegedly included phone numbers, users’ registration details, users’ device details, call logs for individuals, telecom operator information, and GPS coordinates. The leaked data could even let a threat actor determine a user’s country of origin and country of the network.

Most of the customers affected in this incident are from Saudi Arabia. However, the leaked data also included details of Emirati, Egyptian, and European customers. Some numbers were also of Israeli/Palestinian origin.

Vulnerable Database Now Closed

According to Ran Locar, they informed Dalil about the data exposure on February 26, 2019. Even at that time, he found that “at least one” threat actor had already accessed their data.

“After we reported the issue to Dalil, we noticed a ransomware encrypted some data on the server, but new data kept being logged unencrypted.”

However, the service providers didn’t respond. Nor did they remove the database.

Nonetheless, after the public disclosure of the news, Locar confirmed in one of his tweets that Dalil has now closed the database.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]