- Security researchers find an unprotected database that belongs to Angelsense
- The company builds GPS tracking devices for people with disabilities
- The database contained names, GPS data and more
According to reports, a GPS monitoring equipment manufacturer ran the risk of filtering confidential data on the Internet, experts warned.
UPGUARD cybersecurity researchers discovered a database not protected by raisins belonging to Angelsense online, keeping it active for at least a few weeks, filling it with information generated by their equipment.
AngelSense is a GPS monitoring and safety device designed for people with special needs, such as children with autism or elderly people. It provides real -time location, bidirectional voice communication and alert to caregivers to guarantee the safety and well -being of their loved ones.
Turning off the access
Techcrunch He says that the company is “promoted by the departments of application of the law and police in the United States.”
Unprotected databases are, unfortunately, a common occurrence and one of the key causes of data leaks. In this incident, the company stored real -time update records of an angelsense system, including the personal information of Angelsense customers. Names, postal addresses, telephone numbers, GPS coordinates, health information and more were exposed. In addition, the database also maintained technical records on the company’s systems.
Email addresses, passwords, authentication tokens to access customer accounts and partial credit card information were stored in text without format.
Since then, the file has been closed, however, the researchers could not establish exactly how much time the database was exposed, although the list of the database in Shodan shows that it was first seen on January 14, although I could have been available for longer.
It is also unknown if someone found it before Upguard. All a person would need is the knowledge of the IP address and a browser.
“It was only when Upguard called us on the phone that the problem caught our attention,” admitted the CEO of Angelsence, Doron Somer. “After its discovery, we immediately act to validate the information that provided us and to remedy vulnerability.”
“We observe that, apart from Upguard, we have no information that suggests that data on the registration system was potentially accessed. Nor do we have any evidence or indication that the data has been misused or threatened with misuse. “
Through Techcrunch
