Unprotected MongoDB of Dalil exposes data of over 5 million users

• Researchers detected an unprotected MongoDB belonging to Dalil, a caller ID app for Saudi Arabia.
• The open database contains the app’s entire data including users’ personal details and activity logs.

What is the issue - Security researchers Ran Locar and Noam Roten detected an unprotected MongoDB belonging to Dalil, a caller ID app for Saudi Arabia, which has been left publicly available without any password protection.

By numbers

• The caller ID app has been downloaded by more than 5 million users.
• The leaky database is exposing roughly 585.7GB data.

What was exposed - The open database contains the app’s entire data including users’ personal details and activity logs. The exposed information included the folllwing:

• Users’ mobile numbers
• App registration data such as names, email addresses, Viber account, gender, etc
• Activity logs such as call details and number searches
• Device details such as model number, serial number, IMEI, MAC address, SIM number, OS version, etc
• Telecom operator details
• GPS coordinates

The GPS coordinates could allow an attacker to track users' location in real time. Attackers can call to the user's phone number, note the exposed database for a new log entry, and then extract the user's GPS location at that particular time.

Who are the victims - Based on the country code associated with each data, researchers confirmed that most of the data in the database belong to Saudi Arabian users. However, few data also belong to Egyptian, Emirati, European, and Israeli users.

Why it matters - The researchers notified Dalil about the leaky database. However, the database still remains open.

Worth noting - Researchers told ZDNet that an attacker accessed the unprotected database, encrypted some of the data, and left a ransom note, which the Dalil’s team never noticed and continued to add new user data to the unsecured database.