Adding a plus one to the count of unsecured databases, here comes another report. An unsecured database belonging to a golf app has exposed huge user records online. Specifically, the database belonged to the Game Golf app and included 218K users’ data along with other details.
Game Golf App Exposed User Data
The security researcher Bob Diachenko of Security Discovery has discovered another unsecured database. As disclosed through a blog post, he found a publicly accessible Elastic database containing millions of records.
Elaborating his findings, Jeremiah Fowler explained that accessing the database required no password or admin credentials. Anyone with an internet connection could seamlessly access it. Regarding the details leaked through it, Fowler stated,
This data includes a massive 134 million rounds of golf, 4.9 million user notifications, and 19.2 million records in a folder called “activity feed”.
Allegedly, the leaked details included 218 thousand user records containing users’ names, email, hashed passwords, messages, and activity in plain text. For some users, it also included Facebook IDs and login data.
The detailed user profiles contained usernames, passwords, gender, FaceBook authorization tokens, and other potentially sensitive information. When combined this data could theoretically create a more complete profile of the user and adding additional privacy concerns.
Moreover, the database also exposed information such as IP addresses, pathways, ports, and storage, making the network more vulnerable.
Database Now Offline
Bob Diachenko caught this unprotected database on April 1, 2019. After noticing the leaky database, he swiftly reported the matter to officials. Upon receiving no response, Security Discovery sent a second reminder and numerous phone messages. Yet, they received no reply from the firm. Nonetheless, on April 16, 2019, they found the database went offline. However, they still not receive any response from Game Golf.
Furthermore, it is also unclear how long the database remained publicly accessible.
During the previous week, the same researcher reported about an open database leaking details of Panama citizens.
Take your time to comment on this article.