
Over 2.1m exposed in learning app breach

A data leak on a major learning application has resulted in the data of 2 million users being exposed.

Daniel Croft
Fri, 09 Feb 2024

The research team for cyber security publication Cybernews discovered that the learning app LectureNotes exposed the personal and access data of users and administrators of the application as a result of a misconfigured MongoDB database. This resulted in the database being publicly accessible.

Researchers from Cybernews said that this could have been prevented with simple authentication measures.

“The rule of thumb for MongoDB administrators is always to enable authentication and ensure that only authorised users can access the database. Using strong passwords and keyfile authentication improves security,” said Cybernews researchers.


A total of 2,165,139 users had their data compromised in the leak, with data including full name, username, phone number, email, encrypted password, IP address, user-agent, session tokens and in some cases, admin authorisation details such as IDs and “secrets”.

“The exposure of session tokens poses a severe threat, potentially allowing a potential attacker to illicitly access user sessions without requiring passwords,” wrote Cybernews researchers.

“Furthermore, the compromised administrator authorisation details, including IDs and secrets, elevate the risk by providing unauthorised access to privileged accounts, possibly leading to malicious activities and unauthorised control over the platform’s functionalities.”

With the stolen session tokens, hackers would be able to access user sessions without password authentication.

Additionally, the admin credentials would allow threat groups to inject malware and deploy other attacks, such as phishing and ransomware.

Cybernews researchers added that MongoDB databases have poor default security options, and this is overlooked.

Researchers from the publication recommend users implement solutions that monitor security issues.
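As an added illustration (not code from Cybernews or LectureNotes), the Python check below audits a `mongod.conf` for the controls the researchers name: authentication enabled, keyfile authentication between replica set members, and no listener on every network interface. The sample configurations are constructed, and the small parser assumes a two-space-indented YAML file.

```python
# Constructed sample configs for illustration; not LectureNotes' real settings.
EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""
HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
replication:
  replSetName: rs0
security:
  authorization: enabled
  keyFile: /etc/mongodb/keyfile
"""

def flatten(conf_text):
    """Turn 'section:' / '  key: value' YAML into {'section.key': 'value'}.
    Assumes two-space indentation and no '#' inside values."""
    settings, path = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        depth = (len(line) - len(line.lstrip())) // 2
        key, _, value = line.strip().partition(":")
        path = path[:depth] + [key.strip()]
        if value.strip():
            settings[".".join(path)] = value.strip().strip("\"'")
    return settings

def audit(conf_text):
    """Return findings for the controls named in the article."""
    s = flatten(conf_text)
    findings = []
    # Setting a keyFile also turns on client authorization in mongod.
    if s.get("security.authorization") != "enabled" and "security.keyFile" not in s:
        findings.append("security.authorization: not enabled, clients need no credentials")
    binds = [b.strip() for b in s.get("net.bindIp", "").split(",")]
    if s.get("net.bindIpAll") == "true" or {"0.0.0.0", "::", "*"} & set(binds):
        findings.append("net.bindIp: listening on every interface")
    # x509 cluster authentication is an alternative this check does not model.
    if "replication.replSetName" in s and "security.keyFile" not in s:
        findings.append("security.keyFile: replica set members do not authenticate each other")
    return findings

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```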

LectureNotes has been downloaded over half a million times on the Google Play Store and allows students, teachers and educational institutions to share notes peer to peer.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
