Personal data of over 700,000 users of the all-in-one video marketing platform, getshow.io and the DIY video animation software, animaker.com have been exposed due to a misconfigured database.
Animker.com owns both the websites and the server in question is registered under the domain name of getshow.io. While no passwords were leaked, personal data such as full names, email addresses, and mobile numbers were made public.
Cybersecurity researcher, Anurag Sen from Clouddefense.ai identified the misconfigured server on Shodan, a specialized search engine used by cybersecurity researchers to locate vulnerable IoT devices, including servers and misconfigured databases on the internet.
The misconfigured database happens when access controls and security settings are left at default settings or improperly configured.
Although Animker has been informed about the incident, there has been no response so far. CEO of Animker, RS Raghavan has been informed about the incident on Twitter.
If you have used either of the websites and have provided your personal information, it is recommended to take necessary precautions to prevent identity theft and fraud.
