Comments

You must log in or register to comment.

Kymski wrote

Let us see:

  • Unsecured MongoDB. okay.
  • account database with Name, email, plaintext password and real time location? wtf
  • no contact info on the company website.
  • no contact info on the privacy policy (which looks like something brewed in Microsoft Frontpage)
  • no contact on whois
  • no contact in the companys buiness records

they only managed to get the DB offline, because they asked the Hoster to contact the dev.

Sorry, but that isn't just plain stupid or laziness. That's borderline negligently.

4

__m106__ wrote

Honestly sounds like a honeypot for getting credentials to be used somewhere else later on.

1