[BreachExchange] Storybooks for children app FarFaria exposed data of 3M users

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Sep 28 08:32:54 EDT 2021


https://www.hackread.com/storybooks-for-children-app-farfaria-exposed-data/

Another day, another data leak involving a misconfigured, publicly exposed
MongoDB database. This time it is FarFaria, a San Francisco, CA-based
company that offers a children's storybook service through its Android and
iOS apps.

It all started when Bob Diachenko, head of security research at
Comparitech, discovered a misconfigured MongoDB database containing a
treasure trove of data, left reachable from the public internet without a
password or any other form of authentication.
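As an added example (not part of the article, and not code from FarFaria or Comparitech), here is a small Python audit of the two mongod.conf settings behind this class of leak: a wildcard bindIp and security.authorization left disabled, which together make a MongoDB instance readable and writable by anyone who can reach its port. The sample configs, the parse_mongod_conf parser and the audit function are all constructed for this example; the defaults it assumes (localhost binding since mongod 3.6, authorization off unless enabled) are documented mongod behaviour.

```python
"""Audit a mongod.conf for the "open MongoDB" pattern: wildcard bindIp plus
authorization not enabled. Example code; sample configs are constructed."""
from typing import Any, Dict, List, Tuple

# Constructed sample: binds every interface and never enables authorization,
# so anyone who can reach TCP/27017 can list and dump every database.
EXPOSED_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: loopback plus one internal address, authorization on.
HARDENED_CONF = """
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""


def parse_mongod_conf(text: str) -> Dict[str, Any]:
    """Parse the indented 'key: value' subset of YAML that mongod.conf uses.

    Nesting is tracked by indentation; comments and blank lines are skipped.
    Deliberately not a general YAML parser (no lists, no anchors).
    """
    root: Dict[str, Any] = {}
    stack: List[Tuple[int, Dict[str, Any]]] = [(-1, root)]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        while stack[-1][0] >= indent:  # climb back out to the right parent
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            child: Dict[str, Any] = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def audit(conf: Dict[str, Any]) -> List[str]:
    """Return findings explaining why an instance is reachable and/or open.

    Defaults mirror mongod: bindIp falls back to localhost (the default since
    3.6; older binaries bound all interfaces) and authorization is disabled
    unless the config enables it.
    """
    net = conf.get("net", {})
    security = conf.get("security", {})
    bind_ip = str(net.get("bindIp", "127.0.0.1"))
    bind_all = str(net.get("bindIpAll", "false")).lower() == "true"
    public = bind_all or any(
        ip.strip() in ("0.0.0.0", "::") for ip in bind_ip.split(",")
    )
    auth_on = str(security.get("authorization", "disabled")).lower() == "enabled"

    findings: List[str] = []
    if public:
        findings.append(
            f"net: listens on all interfaces (bindIp={bind_ip}, bindIpAll={bind_all})"
        )
    if not auth_on:
        findings.append(
            "security: authorization not 'enabled'; any client that connects "
            "can read and modify every database"
        )
    if public and not auth_on:
        findings.append(
            "CRITICAL: internet-reachable and unauthenticated, the pattern "
            "that search engines such as BinaryEdge index"
        )
    return findings


if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{name}]")
        for finding in audit(parse_mongod_conf(text)) or ["no findings"]:
            print("  -", finding)
```

Two caveats when using a check like this: it reads only the config file, so it cannot see a firewall or cloud security group that happens to shield a wildcard bind, nor a host where mongod was started with command-line flags that override the file; and "authorization: enabled" is only as good as the users created afterwards, so the review should also confirm that no account with a weak or default password exists.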

Diachenko found the database on August 9th, 2021, but only published the
details on September 27th. According to the researcher, the database, which
belonged to FarFaria, had been indexed by the BinaryEdge search engine and
contained 38 GB of data, including contact information and login
credentials of 2.9 million users:

   - IP addresses
   - Email addresses
   - Encrypted passwords
   - Authentication tokens
   - Number and timeline of logins
   - Social media tokens for users who signed in with their social media
   accounts.

In a blog post, Diachenko warned:

Among the exposed details are a number of authentication tokens. These
could prove particularly useful to criminals looking to carry out complex
phishing attacks on the users.

It is unclear whether any malicious third party accessed the database.
Diachenko reported the exposure to FarFaria immediately; the company did not
respond to him but secured the database the very next day.

It is worth noting that, according to FarFaria, its apps are "created for
children ages 2-9", meaning that the misconfiguration put children's account
data within reach of online criminals.

If you have a FarFaria account, you are entitled to ask the company about
the incident: email addresses are a common entry point for phishing
campaigns, and threat actors can combine the leaked fields with other data
to build profiles for identity theft.

For now, watch for suspicious emails, as cybercriminals could use the leaked
data to launch phishing or malspam campaigns against unsuspecting users,
especially children.