Abandoned App Details in Open

Friday, March 18, 2016 @ 04:03 PM gHale


A database belonging to an abandoned iOS app that’s easily accessible via the Internet is exposing the personal details of over 198,000 users.

The vulnerable app is Kinoptic iOS, which allowed users to create cinematic slideshows of their photos, piece multiple photos into a video-like slideshow, and even animate smaller portions of one photo, all for the purpose of sharing with their friends and family.

RELATED STORIES
Trojan Hooks Apple’s FairPlay DRM System
Samsung Mitigates Update Tool
Buffer Overflow Fixed in GNU C”
Password Request Warning on Firefox”

The app launched in 2012, and by the end of 2015, after failing to garner a bigger following, the app ended up removed from Apple’s App Store, and its website shut down earlier this year.

Now, MacKeeper security researcher Chris Vickery, who has made a habit of searching the Internet for exposed MongoDB databases, said the (MongoDB) database associated with this app remained online, despite Kinoptic’s shutdown.

Instead of powering down, Kinoptic’s developers apparently abandoned their service.

That means this database suffers from exposure online via a default MongoDB configuration that allows anyone to access its content without any authentication, Vickery said.

Exposed data includes usernames, email addresses, and hashed passwords, along with other details stored in Kinoptic profiles.

The only thing former Kinoptic users can do right now is to change the passwords for accounts where they have used the same passphrase.