Subj : Disability monitoring tool leaked personal information online To : All From : TechnologyDaily Date : Fri Jan 31 2025 15:15:06 Disability monitoring tool leaked personal information online Date: Fri, 31 Jan 2025 15:02:00 +0000 Description: AngelSense was leaking names, location data, and more to anyone with a browser and knowledge of the right IP address. FULL STORY ======================================================================Security researchers find unprotected database belonging to AngelSense Company builds GPS tracking devices for persons with disabilities The database contained names, GPS data, and more A GPS tracking gear manufacturer was reportedly at risk of leaking sensitive data on the internet, experts have warned. Cybersecurity researchers UpGuard discovered a non-password-protected database belonging to AngelSense online, keeping it active for at least a few weeks, filling it up with information generated by its equipment. AngelSense is a GPS tracking and safety device designed for individuals with special needs, such as children with autism or elderly individuals with dementia. It provides real-time location tracking, two-way voice communication, and alerts to caregivers to ensure their loved ones' safety and well-being. Shutting down access TechCrunch says the company is touted by law enforcement and police departments across the US. Unprotected databases are, unfortunately, a common occurrence and one of the key causes of data leaks. In this incident, the company was storing real-time updating logs from an AngelSense system, including personal information of AngelSense customers. Names, postal addresses, phone numbers, GPS coordinates, health information, and more, were being exposed. Furthermore, the database kept technical logs about the companys systems, as well. Email addresses, passwords, authentication tokens for accessing customer accounts, and partial credit card information were all being stored in plaintext. The archive has since been closed down, however the researchers couldnt establish exactly for how long the database was exposed, although the databases listing on Shodan shows it was first spotted on January 14, although it could have been available for longer. It is also unknown if anyone found it before UpGuard. All a person would need is knowledge of the IP address and a browser. It was only when UpGuard phoned us that the issue was raised to our attention, AngelSence CEO, Doron Somer, admitted. Upon its discovery, we acted promptly to validate the information provided to us and to remedy the vulnerability. We note that other than UpGuard, we have no information suggesting that any data on the logging system potentially was accessed. Nor do we have any evidence or indication that the data has been misused or is under threat of misuse. Via TechCrunch You might also like Blood donation firm reveals donor personal data stolen in cyberattack We've rounded up the best password managers Take a look at our guide to the best authenticator app ====================================================================== Link to news story: https://www.techradar.com/pro/security/disability-monitoring-tool-leaked-perso nal-information-online --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .