Privacy, Data Security, Patch/Configuration Management

Misconfigured database exposes Al-Anon data

Share
concept of leaky software, data with a tap sticking out.3d illustration

Al-Anon, an international support organization for families and friends of individuals with alcohol use disorder, had a dataset with more than 200,000 records from its users exposed by an unsecured MongoDB database over the last 15 days of July, Cybernews reports.

Information leaked by the misconfigured database included individuals' full names, emails, phone numbers, encrypted passwords, and verification tokens, as well as join dates and private chats, according to Cybernews researchers, who noted that severity of the leak even though Al-Anon immediate acted to secure the database upon reporting. "The exposure of not just personal data, but also private communications, represents a serious violation of user trust and could lead to emotional distress, identity theft, and other privacy concerns," said researchers, who recommended robust database authentication and encryption, comprehensive data audits, regular security evaluations, and breach notification transparency to prevent and mitigate data exposures.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.