According to FarFaria, its apps are “created for children ages 2-9” meaning that the incident exposed children to cybercriminals.
Another day, another data leak involving a misconfigured and exposed MongoDB database. This time it is FarFaria, a San Francisco, CA-based company that offers a children's storybook service through its Android and iOS apps.
It all happened when Bob Diachenko, head of security research at Comparitech, discovered a misconfigured MongoDB database containing a treasure trove of data left exposed to the public without a password or any other form of authentication.
The incident took place on August 9th, 2021 but Diachenko only shared its details on September 27th. According to the researcher, the database, which belonged to FarFaria, was indexed by the BinaryEdge search engine and contained 38 GB worth of data with contact information and login credentials of 2.9 million users. This included the following:
- IP addresses
- Email addresses
- Encrypted passwords
- Authentication tokens
- Number and timeline of logins
- Social media tokens for users who signed in with their social media accounts.
In a blog post, Diachenko warned that:
Among the exposed details are a number of authentication tokens. These could prove particularly useful to criminals looking to carry out complex phishing attacks on the users.
It is unclear whether the database was accessed by a third party with malicious intent. Diachenko immediately reported the incident to FarFaria; the company did not respond to the researcher but secured the database the very next day.
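The exposure described above, a MongoDB instance reachable from the internet with no credentials, usually comes down to two mongod settings: which interfaces the server binds to and whether authorization is enabled. The two mongod.conf fragments below are an added illustration, not FarFaria's configuration: the first shows the exposed pattern, the second the hardened one that "securing the database" amounts to. The certificate path is a placeholder.

```yaml
# --- Exposed pattern (do not deploy) ---
# Binding to all interfaces with authorization left at its default (disabled)
# means anyone who can reach TCP/27017 has full read/write access to every
# database, and search engines such as BinaryEdge will index the instance.
net:
  port: 27017
  bindIpAll: true            # equivalent to bindIp: 0.0.0.0
# security.authorization is absent, so it defaults to "disabled"

---
# --- Hardened pattern ---
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5 # localhost plus the private app-tier address only
                             # (since MongoDB 3.6 the default is localhost-only;
                             # the exposed pattern had to override it)
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem   # placeholder path
security:
  authorization: enabled     # every client must authenticate and is bound by roles
```

After restarting mongod, a quick check is to connect locally without credentials and run `db.adminCommand({getCmdLineOpts: 1})` in mongosh: with authorization enabled the unauthenticated call is rejected, and once authenticated the `parsed.security.authorization` field should read `enabled`. A firewall rule restricting 27017 to the application subnet is the second layer, so that a future config mistake does not by itself re-expose the data.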
It is worth noting that according to FarFaria, its apps are “created for children ages 2-9” meaning that the misconfiguration exposed children to cybercrime and online crooks.
If you have an account with FarFaria, it is your right to question the company about the incident, as email addresses are a common entry point for phishing campaigns. Threat actors could also combine the exposed data with other sources to build profiles for identity theft.
For now, look out for suspicious emails, as cybercriminals can use the leaked data to launch phishing or malspam attacks on unsuspecting users, especially children.