Thousands of baby videos and images were being left unsecured and exposed online by a mobile app called Peekaboo Moments.
Peekaboo’s app developer, Bithouse, left the Elasticsearch database open and without password protection. The database contained more than 70 million log files comprising nearly 100 GB data stored from March 2019. The exposed data includes detailed device data, links to photos and videos, and around 800,000 email addresses.
Peekaboo stated that it’s still unclear for how long the server has been exposed to the data and who might have accessed it. The data breach news comes even after Peekaboo Moments promised to safeguard the data and information it stores.
This is not the first time Elasticsearch has undergone a server breach. Multiple security incidents were reported on Elasticsearch servers earlier.
Recently, security analysts Bob Diachenko and Vinny Troia discovered an open Elasticsearch server that contains unique data records of around 1.2 billion users. The server holds more than 4 terabytes of data, without password protection or authentication.
The exposed data included names, email addresses, phone numbers, LinkedIn, and Facebook profile information. It’s believed that the exposed data appears to have originated from two different data enrichment companies namely People Data Labs (PDL) and OxyData.Io (OXY).
Earlier, almost everyone in Ecuador became a victim of a massive data breach that exposed the personal information of over 20 million individuals, including the country’s president. Security firm vpnMentor discovered the breach on a Miami-based Elasticsearch server owned by an Ecuadorian company Novaestrat. It’s said that the exposed data appears to have come from various sources, including the Ecuadorian national bank, Ecuadorian government registries, and an automotive association called Aeade.