- The incident took place last week when the database was left open to the public on the internet.
- The leaked information also included in-app chats, details about sitting sessions and users’ location.
Sitter, a popular babysitting app that connects babysitters with parents, has inadvertently exposed the personal information of over 93,000 users. The breach was caused by a publicly open MongoDB database.
The incident took place last week when the database was left open to the public on the internet. Independent security researcher Bob Diachenko discovered the unprotected database on August 14 and notified the Sitter team on the same day, Bleeping Computer reported.
Diachenko shared two screenshots of the unprotected database with Bleeping Computer. The screenshots revealed that the database contained a variety of data, including some sensitive user information. The data exposed by the open MongoDB server included encrypted passwords, the number of children in a family, home addresses, contact numbers and partial payment card numbers of the app’s users.
The leaked information also included past in-app chats, details about sitting sessions and past locations of users. In total, the unsecured MongoDB server exposed over 2GB of data.
It is still unknown how long the data was available on the internet. It is also unclear whether the data has been misused by any malicious third party. Meanwhile, Sitter’s officials have taken down the MongoDB server and have notified the users affected by the breach.
"It is still unknown if there were any other connections to the database and for how long it has been exposed until Shodan indexed it," Diachenko wrote in a post.