React Apps Data Exposed Via Unprotected MongoDB Database

By ISBuzz Team
Writer, Information Security Buzz | Mar 26, 2019 09:30 am PST

It has been reported that a popular family tracking app was leaking the real-time locations of more than 238,000 users for weeks after the developer left a server exposed without a password. The app, Family Locator, built by Australia-based software house React Apps, allows family members to track each other in real time, for example spouses, or parents wanting to know where their children are. It also lets users set up geofenced alerts that send a notification when a family member enters or leaves a certain location, such as school or work. But the backend MongoDB database was left unprotected and accessible to anyone who knew where to look.

Robert Ramsden-Board, VP of EMEA at Securonix:

“Security issues such as this highlight where companies need to consider their security in very broad terms. Traditional security solutions which consider a discrete rules-based set of criteria for what is acceptable and not are no longer enough. Forward-thinking companies across all areas of business now recognise they must also embrace behavioural analytics to expose areas of risk which legacy SIEM and other security technologies that focus on single use cases cannot cover.

It is increasingly common for security breaches to be simply the result of a well-meaning insider or simply a human error with a lack of process. Where this occurs, organisations should be reviewing their ability to capture and address instances such as this which may fall outside the security tools they currently deploy.”