Security Affairs
Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Saudi caller ID Dalil app exposed data of more than 5 million users

The Android caller ID app Dalil exposed online data belonging over 5 million users, security experts discovered a MongoDB database left accessible on the web without a password. The MongoDB behind the Android caller ID app Dalil was left exposed online, at least for a week, without a password, leaving 5 million users accessible on […]

Dalil

The Android caller ID app Dalil exposed online data belonging over 5 million users, security experts discovered a MongoDB database left accessible on the web without a password.

The MongoDB behind the Android caller ID app Dalil was left exposed online, at least for a week, without a password, leaving 5 million users accessible on the web without a password.

Delil sample

Most of the data included in the MongoDB belongs to Saudi users, it also included data of Egyptian, Emirates, European, and some Israeli and Palestinian numbers.

The unprotected MongoDB install was discovered by security experts Ran Locar and Noam Rotem, the database contained cell phone numbers, App registration data (full name, email, Viber account, gender, etc.), device info (vendor, model, serial number, IMEI, MAC address, SIM number, OS version, others), telecom operator details, GPS coordinates for some users and logs of the users’ activity (Individual call details and number searches).

Dalil

The availability of this data represents a serious threat to the privacy of the users, threat actors could use it for surveillance activity.

The availability of GPS data for some users could allow attackers to track them.

The database is 585.7GB in size, during the time the database was left exposed Locar observed a large number of new records that were added, a circumstance that suggests it was the production server used by the Dalil app.

Local also found some encrypted data in the database and also a ransom note, likely a threat actor accessed the archive and attempted to extort money to the company.

Locar says that at one point a threat actor also accessed the database, encrypted some of the data, and left a ransom note behind, but Dalil’s IT team didn’t even notice the breach and continued to save new user data and app logs on top of the obviously compromised database.” reported ZDNet.

According to ZDNet the database included 208,000 new unique phone numbers and 44 million app events that were added in the last month.

Locar reported its findings to the Dalil staff on February 26.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Delil, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]