SECURITY
SECURITY
SECURITY
Kids fairy tale app FarFaria leaks 2.9M user details through unsecured database
FarFaria, an online app that offers fairy tales for kids two to nine years old, has been found to expose the details of its 2.9 million users.
Discovered and detailed today byBob Diachenko, the head of security research at Comparitech, the data was open to all and sundry on a misconfigured MongoDB database. The data exposed included email addresses, authentication tokens, sign-in info and social media information.
Diachenko noted that he discovered the exposed database on Aug. 9 and tried to contact the company but received no response. FarFaria is a venture capital-backed company, having raised $3.3 million from Inventus Capital Partners, according to Crunchbase.
SiliconANGLE has asked for comment from FarFaria and Inventus Capital Partners and will update this post if responses are forthcoming.
“There is an incredible amount of cyber risk involved with today’s younger generation, as children are increasingly using the internet for their education and activities,” Robert Prigge, chief executive officer of identity verification company Jumio Corp., told SiliconANGLE. “With 2.9 million FarFaria user records exposed, it’s likely the information has already been leaked on the dark web, placing children in greater danger of being victimized online from a much younger age than previous generations.”
Prigge went on to explain that although the passwords were encrypted, fraudsters can easily decipher encrypted passwords. In doing so, they can “leverage bots and credential stuffing in an attempt to access other online accounts, such as school platforms, social media accounts, learning applications and more.”
Anurag Kahol, chief technology officer and co-founder of total cloud security firm Bitglass Inc., noted that this is yet another example where a massive amount of personally identifiable information has been left exposed on the web without any authentication controls in place.
“Children are particularly at risk, as their exposed data can be easily stolen by threat actors and leveraged to commit identity theft or conduct highly targeted phishing schemes,” Kahol said. “When creating accounts for their children, parents should be able to trust that their data will be protected, which can only be done when businesses take a proactive approach to security.”
Image: FarFaria
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
