Disability monitoring tool leaked personal information online
AngelSense was leaking names, location data, and more
- Security researchers find unprotected database belonging to AngelSense
- Company builds GPS tracking devices for persons with disabilities
- The database contained names, GPS data, and more
A GPS tracking gear manufacturer was reportedly at risk of leaking sensitive data on the internet, experts have warned.
Cybersecurity researchers at UpGuard discovered a non-password-protected database belonging to AngelSense online. It had been kept active for at least a few weeks and was filling up with information generated by the company's equipment.
AngelSense is a GPS tracking and safety device designed for individuals with special needs, such as children with autism or elderly individuals with dementia. It provides real-time location tracking, two-way voice communication, and alerts to caregivers to ensure their loved ones' safety and well-being.
Shutting down access
TechCrunch says the company is “touted by law enforcement and police departments across the US”.
Unprotected databases are, unfortunately, a common occurrence and one of the key causes of data leaks. In this incident, the company was storing logs from an AngelSense system that updated in real time, including personal information of AngelSense customers. Names, postal addresses, phone numbers, GPS coordinates, health information, and more were being exposed. The database also kept technical logs about the company’s systems.
Email addresses, passwords, authentication tokens for accessing customer accounts, and partial credit card information were all being stored in plaintext.
The archive has since been closed down. The researchers couldn’t establish exactly how long the database was exposed: its listing on Shodan shows it was first spotted on January 14, but it could have been available for longer.
It is also unknown if anyone found it before UpGuard. All a person would need is knowledge of the IP address and a browser.
“It was only when UpGuard phoned us that the issue was raised to our attention,” AngelSense CEO Doron Somer admitted. “Upon its discovery, we acted promptly to validate the information provided to us and to remedy the vulnerability.”
“We note that other than UpGuard, we have no information suggesting that any data on the logging system potentially was accessed. Nor do we have any evidence or indication that the data has been misused or is under threat of misuse.”
Via TechCrunch
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.