TechCrunch has learned that AngelSense, an assistive technology company that provides location monitoring devices to people with disabilities, exposed information and precise location data to the open internet.
The company secured the exposed server on Monday, more than a week after security company UpGuard warned it about the exposed data.
UpGuard shared details of the exposure exclusively with TechCrunch after AngelSense resolved it. UpGuard has since published a blog post on the incident.
AngelSense, based in New Jersey, provides GPS trackers and location monitoring to thousands of customers, and is advertised by law enforcement agencies and police departments in the United States.
According to UpGuard researchers, AngelSense left a database exposed to the internet without a password, so that anyone who knew the database's public IP address could access the internal data using only a web browser. The database stored real-time updating logs from AngelSense's systems. These included personal information of AngelSense customers and technical logs about the company's systems.
UpGuard said that customers' personal data, such as names, postal addresses, and phone numbers, was found in the exposed database. Researchers said they also found GPS coordinates of monitored people, along with associated health information about the tracked people, including autism and dementia. Researchers also found email addresses, passwords, and authentication tokens for accessing customer accounts, as well as partial credit card information. All of this was visible in plain text.
It is not known exactly how long the database was exposed or how many customers were affected. According to a listing for the database on Shodan, a search engine for internet-connected systems, AngelSense's exposed logging database was first discovered online, but may have been exposed for some time before that.
Doron Somer, AngelSense's chief executive, confirmed to TechCrunch that UpGuard's first email was initially flagged as spam, and that the exposed system was subsequently taken offline.
“The problem came to our attention only when UpGuard called us,” said Somer. “Upon discovery, we acted immediately, verified the information provided, and remedied the vulnerability.”
“Note that there is no information that suggests that data on our logging systems was potentially accessed by anyone other than UpGuard, and there is no evidence or indication that the data has been misused or is at risk of misuse,” Somer told TechCrunch, adding that the data was “not sensitive personal information.”
Somer would not say whether the company has the technical means to determine whether anyone accessed the unprotected server before UpGuard.
When asked whether the company planned to notify affected customers and individuals that their data was exposed, Somer said the company was still investigating.
“If notification to regulatory authorities or individuals is warranted, we will of course provide it,” said Somer.
Somer did not respond to follow-up questions by press time.
Database exposures stem not from malicious intent but from misconfigurations caused by human error, and they have become an increasingly common occurrence in recent years. Similar exposed databases have included sensitive U.S. military emails, a real-time leak of text messages including two-factor codes, and chat histories from AI chatbots.