15 September 2020
Another server that had long been left unprotected recently came to light, and once again the damage could have been consequential, or perhaps already has been; who knows. Sanyam Jain, a security researcher and a member of the GDI Foundation, reported the findings to TechCrunch to demonstrate how severe the situation could become if left unattended.
Jain found that the database of a family tracking app called Family Locator, built by Australia-based software company React Apps, was unprotected and accessible to anyone who knew where and how to look. These family locating apps allow family members or parents to track their children, for example to see where they are or whether they have left a certain location such as school. Unfortunately, the details of every location where a child might be were accessible.
The database, which included the real-time locations (coordinates) of people using the app, was open. Each account record in the database included a name, email address, profile photo, and plaintext password, and all of it was open.
TechCrunch verified the contents of the database by downloading the app and signing up using a dummy email address. Within seconds, our real-time location appeared as precise coordinates in the database.
TechCrunch tried contacting the developer but got no information, and had to ask Microsoft to pull the database, which was hosted on its Azure cloud. Hours later the database was pulled offline.
It’s unknown how long the database was exposed and whether anyone beyond Jain or TechCrunch accessed it.