Children’s Educational Site Exposes Thousands of User Accounts and Payment Data

Another child-oriented site has exposed information due to a misconfigured MongoDB installation. This time, it’s ABCya.com, according to the MacKeeper security research team.

Here’s what they reported they found exposed:

  • credentials and information of 11k+ archived customers (including IP addresses, email addresses, names, temporary access codes, hashed and salted passwords)
  • credentials and information on 21k+ active customers (including credit cards details such as hashed ID, fingerprints, expiration year and month, last 4 digits and card name in plain text).
  • more than 3k+ Stripe tokens and information
  • credentials of 4 “super admin” users for ABCya with encrypted/salted passwords and details.

Read more on MacKeeper Security Watch.

CORRECTION: This report was incorrectly attributed to Chris Vickery. The correct attribution is MacKeeper Security Research.

 

About the author: Dissent

Comments are closed.