What is the issue - Security researchers Ran Locar and Noam Roten detected an unprotected MongoDB belonging to Dalil, a caller ID app for Saudi Arabia, which has been left publicly available without any password protection.
What was exposed - The open database contains the app’s entire data including users’ personal details and activity logs. The exposed information included the folllwing:
The GPS coordinates could allow an attacker to track users' location in real time. Attackers can call to the user's phone number, note the exposed database for a new log entry, and then extract the user's GPS location at that particular time.
Who are the victims - Based on the country code associated with each data, researchers confirmed that most of the data in the database belong to Saudi Arabian users. However, few data also belong to Egyptian, Emirati, European, and Israeli users.
Why it matters - The researchers notified Dalil about the leaky database. However, the database still remains open.
Worth noting - Researchers told ZDNet that an attacker accessed the unprotected database, encrypted some of the data, and left a ransom note, which the Dalil’s team never noticed and continued to add new user data to the unsecured database.