Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Andrew Tate’s ‘The Real World’ exposes almost a million users

Andrew Tate’s The Real World platform has accidentally leaked a trove of sensitive user data after it left one of its online databases exposed.

user icon Daniel Croft
Fri, 17 May 2024
Andrew Tate's 'The Real World' exposes almost a million users
expand image

For context, The Real World is a controversial “learning platform” that markets itself as a way for users to learn the key skills needed to become rich.

Like Tate himself, the platform has been heavily ridiculed and faced major controversy, with some calling it a get-rich-quick “cult”.

As first reported by CyberNews, a MongoDB database containing 88 gigabytes of data belonging to 968,447 user accounts has been exposed since at least 8 April 2024.

============
============

Like many leaked MongoDB databases, experts believe that this is a result of the database being misconfigured.

The data exposed included user IDs, email addresses, encrypted passwords, password expiration dates, account verification status, recovery codes, and reset tokens. A total of 891,646 user devices were also exposed, revealing user IDs, tokens, and what platform users were accessing the platform from.

Additionally, more than 6.4 million session tokens and user IDs were contained within the database. These session tokens are used to identify specific users when matched to user IDs, meaning that threat actors can use them to impersonate users without needing to gain access to their accounts.

It doesn’t stop there. The CyberNews team discovered that the database also contained multifactor authentication (MFA) tickets, event logs, server bans and more admin-level data not to be seen by the public.

“The exposure of messages, user devices, and other collections such as server bans and MFA tickets could allow malicious actors to exploit vulnerabilities, launch phishing attacks, or engage in identity theft on a massive scale, posing significant risks to both individuals and the platform itself,” the CyberNews researchers said.

The final cherry on top is that 22 million user messages dating back as far as October 2022 were also exposed. The most recent messages are from April this year.

While the leak isn’t expected to be the result of a cyber attack, researchers discovered a second IP with the database online, which could indicate that it has already been copied by threat actors.

Misconfigured MongoDB databases are a common issue, with a number of organisations accidentally leaving data exposed online as a result.

In February, a Russian website builder called uID.me exposed the data of over 54 million users online.

Exposed customer data includes names, usernames, dates of birth, IDs, contact details such as emails and phone numbers, locations, timestamps, and IP addresses. Increasingly sensitive data such as password hashes, authentication hashes, biographies, links to photos, secret answers, last visitor IPs, and social media profiles were also exposed.

“With access to this comprehensive dataset, threat actors could conduct various malicious activities, including identity theft, phishing attacks, social engineering schemes, unauthorised access to accounts across multiple social media platforms, and potentially compromising individuals’ online security and privacy,” cyber security researcher Bob Diachenko said via CyberNews.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.