Top gig platform service may have leaked over 14 million user files
Yoojo kept a major database out in the open

- A major European service marketplace kept an open database on the internet
- Passport data, government-issued IDs, and more, were exposed by Yoojo
- The database has since been locked down
Yoojo, a European service marketplace, reportedly kept a major database open on the internet available for anyone who knew where to look containing roughly 14.5 million files, including plenty of sensitive customer information.
Security researchers from Cybernews discovered the misconfigured cloud storage bucket and told Yoojo, which subsequently locked the archive down.
The information leaked in the database is more than enough for your average cybercriminal to run personalized phishing attacks, identity theft, or possibly even wire fraud. It includes people’s full names, passport information, other government-issued IDs, text messages between users, and phone numbers.
Monitor your credit score with TransUnion starting at $29.95/month
TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.
Preferred partner (What does this mean?)
Remote code execution risks
Yoojo is an online platform that connects people with home service providers for tasks such as DIY, gardening, moving, house cleaning, childcare, pet sitting, IT support, homecare, and tutoring.
According to Cybernews, it has more than half a million downloads on Google Play, and is relatively popular in the UK, France, Spain, and the Netherlands.
The database was exposed for at least 10 days, the researchers said, adding that there was no indication of misuse. However, that doesn’t mean that someone hadn’t managed to get ahold of the archives already. Yoojo closed the instance down, but is yet to make an official statement.
“Leaked personal details enables attackers to create highly targeted phishing, vishing, and smishing campaigns. Fraudulent emails and SMS scams could involve impersonating Yoojo service providers asking for sensitive information like payment details or verification documents,” Cybernews researchers said.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Misconfigured databases remain one of the key causes of data leaks and spills. Many organizations nowadays use cloud to store sensitive employee, partner, and customer information, without realizing that cloud works on a shared security model, and that the responsibility for safeguarding the data is also on them.
The good news is that most organizations react quickly when notified about the leak and lock down the databases fast.
You might also like
- One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.