Babysitter App “Sitter” Temporarily Exposed Data

Sitter is a babysitting-booking app that matches parents with trustworthy babysitters, nannies, and daycares. 93,000 account holders on Sitter had their personal data temporarily disclosed.

Discovery of Data

The exposure took place last week, through a MongoDB database that was left exposed on the Internet without credentials. MongoDB is a database that stores data for apps such as Sitter.

Exposed Data

Security researcher Bob Diachenko discovered 2GB of the MongoDB database, which contained phone numbers, addresses, transaction details, account holder contacts, partial credit card numbers, and encrypted account passwords of 93,000 users.

Furthermore, the leaked information included users' chats, notification history, and what time users needed a babysitter and in what direction.

Vulnerability Corrected

The database was secured after Diachenko notified Sitter, suggesting a short period of exposure. As soon as Sitter was made aware of the leaked data, they removed it, preventing attackers from using it for illicit purposes.

Affected users have already been notified of the situation. Sitter has improved the security precautions around its users' data and has corrected the vulnerability that enabled the leak in the first place.

Original Article Found Here.
