Another day, another data leak incident involving misconfigured and exposed MongoDB database – This time it is FarFaria, a San Francisco, CA-based company that offers storybooks for children service through Android and iOS apps.
It all happened when Bob Diachenko, the head of security research at Comparitech, discovered a misconfigured MongoDB database containing a treasure trove of data left exposed to the public without any password or security authentication.
The incident took place on August 9th, 2021 but Diachenko only shared its details on September 27th. According to the researcher, the database, which belonged to FarFaria, was indexed by the BinaryEdge search engine and contained 38 GB worth of data with contact information and login credentials of 2.9 million users.
According to FarFaria, its apps are “created for children ages 2-9” meaning that the incident exposed children to cybercriminals.
