"Family tracking app spilled pics, names and real-time location data"
The Family Locator app has an insecure MongoDB database, hosted in a cloud, stored real-time, unencrypted location data about all registered members. The Family Locator app had a FollowMe feature which allowed individuals to get up-to-date status on all family members. The app was able to track the real-time location of anyone registered on it. Because of the insecure MongoDB database, anyone who searched for the database via a search engine could see not only the user’s of the apps real-time location, but also their profile photo, name, email address, and password. Attackers could also see the name of the places that were georeferenced according to their account. Microsoft was notified and has taken the sensitive information offline.
Nakedsecurity reports: "Family tracking app spilled pics, names and real-time location data"