An app designed to record and share milestones in a child’s development has leaked thousands of images and videos of babies online.
Bithouse Inc., the developer of the Peekaboo Moments app, failed to secure a 100 GB Elasticsearch database containing more than 70 million log files dating from March 2019. As a result, information including email addresses, geographic location data, detailed device data, and links to photos and videos has been exposed.
The breach was discovered by Dan Ehrlich, who operates Texas-based computer security consulting firm Twelve Security.
Ehrlich estimates that at least 800,000 email addresses are in the exposed data, which is stored on servers hosted by Singapore-based Alibaba Cloud.
“I’ve never seen a server so blatantly open,” Ehrlich told Information Security Media Group. “Everything about the server, the company’s website and the iOS/Android app was both bizarrely done and grossly insecure.”
Peekaboo Moments, which appears to be run by a company based in China, allows parents to record their baby’s birth date and track the infant’s length and weight. Now parents will be able to use it to record an unexpected milestone—their baby’s first ever data breach.
The free app claims to take the security of users’ data seriously and to offer users a “secured space” in which to record their child’s precious moments. The company makes money by offering additional storage, with subscription plans starting at $8.99 per quarter.
On its Google Play app profile page, it states: “Data privacy and security come as our priority. Every Baby’s photos, audios & videos or diaries will be stored in secured space. Only families & friends can have access to baby’s moments at your control.”
The length of time the Elasticsearch server has been unsecured or who may have accessed its contents are unclear.
Information Security Media Group said that repeated efforts to contact Peekaboo Moments CEO Jason Liu—based in San Francisco, according to his LinkedIn profile—have drawn a blank.
Attempts to contact the company and other Peekaboo employees have also proved unsuccessful.
According to Google Play, the Peekaboo Moments app has been downloaded 1 million times since launching in 2012.
#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity