Misconfigured backup leads to exposure of 50.5 million GOMO Mobile customers

The same company was once caught spying on its Keyboard app users.

GOMO, also known as Sungy Mobile, is a well-known Chinese mobile app and software developer. It is known worldwide for its GO series of applications (yes, the developers of the popular GO Keyboard app that was caught spying on millions of its users last year). It particularly develops apps for children, and hence is very popular among Chinese children. It boasts over 2 billion downloads.

But GOMO is in the news for all the wrong reasons. According to an independent researcher using the alias Flash Gordon, the company may have suffered a data leak exposing the data of more than 50.5 million customers. Interestingly, a majority of these customers are children. The flaw was identified on May 25.

Flash Gordon explained to DataBreaches.net that an open port 80 was the real culprit. Using the port, he was able to infiltrate dozens of databases through a pair of vulnerable IP addresses. These IP addresses required no login credentials and were thus unprotected.

The exposed data may include information about US customers too. However, it is unclear how many US customers have been affected by this data exposure. Reportedly, the data included information about 50,553,664 unique accounts and 47,415,210 unique devices. It also might have exposed around 4,379 distinct mobile numbers, 51,426,769 distinct email addresses, and 48,255,172 profiles. It could also have exposed 4 system users.

The leaked data includes bcrypt password hashes, emails, country of users, purchases, avatars, usernames, gender, date of birth, school, and International Mobile Subscriber Identity number. Nearly 100GB of decompressed files is believed to have been leaked.

The company has not yet revealed whether the affected customers have been informed about the flaw. It noted that the flaw was the result of a misconfigured backup, and it released a screenshot to explain the flaw.

The exposed data is also believed to include details of GOMO’s deployment and development systems, including all the endpoints, project-related information, and company credentials. Moreover, DataBreaches.net received an email from GOMO on August 17th in which the company acknowledged the breach.

“This issue happened when we were fixing an issue on AWS and had to open Port 80, however failed to close the port due to a tech bug. We realized the issue on 30th May and fixed this problem right after,” said the email.

For more technical details related to this breach, visit DataBreaches.net’s blog post.
