The Android caller ID app Dalil exposed data belonging to over 5 million users online; security experts discovered a MongoDB database left accessible on the web without a password.
The MongoDB database behind the Android caller ID app Dalil was left exposed online without a password for at least a week, leaving the data of 5 million users accessible on the web.
Most of the data in the database belongs to Saudi users; it also included data on Egyptian, Emirati, European, and some Israeli and Palestinian numbers.
The unprotected MongoDB install was discovered by security experts Ran Locar and Noam Rotem. The database contained cell phone numbers, app registration data (full name, email, Viber account, gender, etc.), device info (vendor, model, serial number, IMEI, MAC address, SIM number, OS version, others), telecom operator details, GPS coordinates for some users, and logs of the users’ activity (individual call details and number searches).
The availability of this data represents a serious threat to the privacy of the users; threat actors could use it for surveillance activity.
The availability of GPS data for some users could allow attackers to track them.
The database is 585.7GB in size. While it was exposed, Locar observed a large number of new records being added, a circumstance that suggests it was the production server used by the Dalil app.
Locar also found some encrypted data in the database along with a ransom note; a threat actor likely accessed the archive and attempted to extort money from the company.
“Locar says that at one point a threat actor also accessed the database, encrypted some of the data, and left a ransom note behind, but Dalil’s IT team didn’t even notice the breach and continued to save new user data and app logs on top of the obviously compromised database,” reported ZDNet.
According to ZDNet, the database included 208,000 new unique phone numbers and 44 million app events that were added in the last month.
Locar reported his findings to the Dalil staff on February 26.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of "The Hacker News" team and a writer for some major publications in the field, such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".