Chris Vickery sends along this alert to everyone who used the iPhone app Kinoptic and/or who may know how to get in touch with the developer:
Post-mortem breaches can be just as harmful as live production leaks… at least for these 198,000 people.
About three years ago there was an iPhone app named Kinotopic. According to their website, which is still up, “Kinotopic allows you to create, share, and store short video moments and make them more expressive – in the form of animated pictures and cinemagraphs.”
Past users of Kinotopic may be interested to learn that there is currently a MongoDB database that appears to belong to Kinotopic sitting out on the open internet with no protection whatsoever. This derelict MongoDB instance contains, among other things, the email addresses, usernames, and hashed passwords for, what appear to be, over 198,000 previous Kinotopic users.
Read more on MacKeeper. Chris has had no luck tracking down the developer, and Apple is of no help in this matter, he writes. See his post for more details about what he’s tried already to find them and contact them.
And if you used Kinoptic, Chris writes, “it’s probably time to cycle in some new passwords to your mix.”