U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

MyEstatePoint Property Search Android app leaks user passwords

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. The all-in-one real estate app MyEstatePoint Property Search left a publicly accessible MongoDB server containing the sensitive details of its app users. The app, developed by NJ Technologies, […]

MyEstatePoint Property Search

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found.

The all-in-one real estate app MyEstatePoint Property Search left a publicly accessible MongoDB server containing the sensitive details of its app users.

The app, developed by NJ Technologies, an India-based software developer, has over half a million downloads on the Google Play store and mainly serves the Indian market.

According to the team, the exposed server contained data on over 497,000 users, almost matching the number of times the app was downloaded.

We reached out to NJ Technologies for comment but have yet to receive a reply.

MyEstatePoint Property Search
Sample of the leaked data.

The team discovered the publicly facing MongoDB server on November 6th and contacted the app’s developers but received no reply. However, the instance has been closed off since.

The exposed instance contained sensitive app users’ details, such as:

  • First and last names
  • Email addresses
  • Plain-text passwords
  • Mobile phone numbers
  • City
  • Business descriptors
  • Signup methods

“This comprehensive dataset poses severe risks as threat actors could exploit the exposed information for unauthorized access, identity theft, fraudulent activities, and potentially compromise the privacy and security of the affected individuals,” the team said.

Scammers can use email addresses and plain text passwords for various attacks.

To know more about the attack take a look at the original post at:

Original post @ https://cybernews.com/security/myestatepoint-property-search-app-data-leak/

About the author: Vilius Petkauskas, Deputy Editor at @CyberNews

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, malicious packages PyPi)