Comment: Peekaboo Moments Suffers Breach Leaving Thousands Of Baby Images And Videos Exposed

It has been reported that thousands of baby videos and images are being left unsecured and exposed to the internet by Peekaboo Moments, a mobile app. This is due to the app’s developer, Bithouse Inc., leaving an Elasticsearch database open on the internet.

Experts Comments

January 15, 2020
Winston Bond
EMEA Technical Director
Arxan
Data on mobile devices is stored predominantly in apps so it is paramount that organisations understand just how important it is to secure their apps in order to keep their customers’ data safe and secure. It astounds me that I still have to reiterate the need to do this, particularly when it is children’s data that is being left exposed. This breach is a great example of extracting a web API from a mobile app and then using it to extract data. It shows exactly why app developers should harden their apps against reverse engineering and use integrity checks to make sure that the app is what it is supposed to be. Exposing a database through a web API is obviously insecure so it begs the question, why are companies still doing it?
January 15, 2020
Hugo Van den Toorn
Manager, Offensive Security
Outpost24
Unfortunately, this is yet another Elastic Database that is open to the public, which has nothing to do with the product itself, but purely with how the vendor has decided to set up their infrastructure and deploy their software. With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organisations. As datasets grow to these sizes and contain this sensitive information, data is becoming increasingly valuable to our business and in some cases even more valuable than money. Unfortunately, not everyone protects (your) data like the valuable asset it is. Even after vendors make statements such as ‘we take your security and privacy serious’, we often see security ending up somewhere on the bottom of the priority list… Assuming it made the priority list at all.