Zack Whittaker reports:
A popular family tracking app was leaking the real-time locations of more than 238,000 users for weeks after the developer left a server exposed without a password.
The app, Family Locator, built by Australia-based software house React Apps, allows families to track each other in real-time, such as spouses or parents wanting to know where their children are. It also lets users set up geofenced alerts to send a notification when a family member enters or leaves a certain location, such as school or work.
But the backend MongoDB database was left unprotected and accessible by anyone who knew where to look.
Read more on TechCrunch.
Is this the same leak that Motherboard reported on, or is this an unrelated leak? Zack tells me that these are totally unrelated leaks. So we’ve had two reports of leaks with sensitive info and neither company could be contacted or was responsive when people attempted to notify them to secure their data?
The FTC really needs to go after companies who provide no way to notify them or who are not promptly responsive. Seriously. Saying you care about privacy and take it seriously is just a load of manure if no one can reach you to alert you when you’re bleeding sensitive data everywhere.
It also lets users set up geofenced alerts to send a notification