Children’s Educational Site Exposes Thousands of User Accounts and Payment Data
Another child-oriented site has exposed information due to a misconfigured MongoDB installation. This time, it’s ABCya.com, according to the MacKeeper security research team.
Here’s what they reported they found exposed:
- credentials and information of 11k+ archived customers (including IP addresses, email addresses, names, temporary access codes, hashed and salted passwords)
- credentials and information on 21k+ active customers (including credit cards details such as hashed ID, fingerprints, expiration year and month, last 4 digits and card name in plain text).
- more than 3k+ Stripe tokens and information
- credentials of 4 “super admin” users for ABCya with encrypted/salted passwords and details.
Read more on MacKeeper Security Watch.
CORRECTION: This report was incorrectly attributed to Chris Vickery. The correct attribution is MacKeeper Security Research.