A family tracking app was leaking real-time location data

TechCrunch | 1/31/2019 | Staff


A popular family tracking app was leaking the real-time locations of more than 238,000 users for weeks after the developer left a server exposed without a password.

The app, Family Locator, built by Australia-based software house React Apps, allows families to track each other in real-time, such as spouses or parents wanting to know where their children are. It also lets users set up geofenced alerts to send a notification when a family member enters or leaves a certain location, such as school or work.

Backend - MongoDB - Database - Anyone

But the backend MongoDB database was left unprotected and accessible by anyone who knew where to look.

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

Review - Database - Account - Record - User

Based on a review of the database, each account record contained a user’s name, email address, profile photo and their plaintext passwords. Each account also kept a record of their own and other family members’ real-time locations precise to just a few feet. Any user who had a geofence set up also had those coordinates stored in the database, along with what the user called them — such as “home” or “work.”

None of the data was encrypted.

TechCrunch - Contents - Database - App - Email

TechCrunch verified the contents of the database by downloading the app and signing up using a dummy email address. Within seconds,...
(Excerpt) Read more at: TechCrunch
Wake Up To Breaking News!
"Tyranny sincerely exercised for the good of its victims may be the most oppressive." C.S. Lewis
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!