1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • JusTalk has been leaking user info for months

    From TechnologyDaily@1337:1/100 to All on Thu Jul 28 20:00:04 2022
    JusTalk has been leaking user info for months

    Date:
    Thu, 28 Jul 2022 18:52:13 +0000

    Description:
    A major database with sensitive data was sitting open and unencrypted, for months

    FULL STORY ======================================================================

    A major chat log database belonging to popular messaging app JusTalk was left unprotected on the web for months, accessible to anyone who knew where to look.

    Cybersecurity researcher Anurag Sen uncovered the database, which did not
    have a password, storing unencrypted data including plenty of personally identifiable information, useful for cybercriminals looking to engage in identity theft , social engineering, or other forms of cybercrime.

    The data included the messages themselves, user phone numbers (both sender
    and receiver), call logs, all sorted out just enough to be able to identify specific people and specific conversations. Millions of potential victims

    In fact, while going through the logs, TechCrunch says it managed to find a pastor soliciting a sex worker who listed their phone number publicly. The
    log included the time, location, and price of the meeting.

    The database itself is hundreds of gigabytes large, and hosted on a Huawei server in China. In order to access it, the only thing a person would need is a browser, and its IP address. With the help of database search engine
    Shodan, the researcher discovered that the server was storing new data in the database as early as January this year, when it was first exposed.

    Its impossible to know exactly how many people have had their sensitive data exposed in this blunder, but we do know that JusTalk has roughly 20 million users. It also has JusTalk Kids, a separate app for minors, with more than a million downloads on Android. Read more

    These countries have the most exposed databases online


    Anti-vax dating site exposed data of thousands of users


    These are the best endpoint protection services right now

    After Sen reported the problem to JusTalk, it apparently shut down the database, but also decided not to comment on the findings.

    Sen was also apparently not the first to discover this database, as it contained a ransom note, meaning someone had tried to use it to extort money from the company, but whether or not they succeeded is unknown at this time. These are the best firewalls around

    Via: TechCrunch



    ======================================================================
    Link to news story: https://www.techradar.com/news/justalk-has-been-leaking-user-info-for-months/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)