cybernews.com
Open in
urlscan Pro
2606:4700:3108::ac42:283b
Public Scan
URL:
https://cybernews.com/security/hello-alfred-data-leak/
Submission: On November 08 via api from US — Scanned from DE
Submission: On November 08 via api from US — Scanned from DE
Form analysis
2 forms found in the DOMGET /search/
<form class="header__search-form" action="/search/" method="get" data-js-search-mobile="">
<input class="header__search-form-input" placeholder="Search..." type="search" data-js-search-input-mobile="">
<button type="submit" class="header__search-form-button" title="Search">
<svg class="svg-icon header__search-form-button-icon" width="22" height="22">
<use xlink:href="#mdi-magnify"></use>
</svg>
</button>
</form>
POST /api/add-comment/
<form id="comment-form" class="space space_size_n text text_size_small" action="/api/add-comment/" method="POST">
<label for="comment-form-text">
<strong class="form-label form-label_required">Comment</strong>
<textarea id="comment-form-text" name="comment" required="" cols="45" rows="8" class="form-input space space_size_s" minlength="3"></textarea>
</label>
<div class="space space_size_n">
<div class="cells cells_responsive">
<label class="cells__item cells__item_width cells__item_width_2" for="comment-form-name">
<strong class="form-label form-label_required">Name</strong>
<input id="comment-form-name" type="text" name="name" required="" class="form-input space space_size_s" minlength="3">
</label>
<label class="cells__item cells__item_width cells__item_width_2" for="comment-form-email">
<strong class="form-label form-label_required">Email</strong>
<input id="comment-form-email" type="email" name="email" required="" class="form-input space space_size_s" minlength="3">
</label>
</div>
<label class="space space_size_n display_block" for="privacy_policy">
<strong class="form-label form-label_required">Privacy Policy Agreement</strong>
<span class="space space_size_s content display_block">
<input id="privacy_policy" name="privacy_policy" required="" type="checkbox"> I agree to the <a class="link" href="https://cybernews.com/terms-conditions/" target="_blank" rel="noreferrer">
Terms & Conditions
</a> and <a href="https://cybernews.com/privacy-policy/" target="_blank" rel="noreferrer">
Privacy Policy
</a>. </span>
</label>
</div>
<div class="space space_size_l">
<button class="button" type="submit"> Post comment </button>
</div>
</form>
Text Content
* News * Cybersecurity news * Cyber war news * Editorial * Security * Privacy * Crypto * Tech * Resources * What is a VPN? * How to use a VPN? * What is malware? * Are password managers safe? * More resources * Tools * Strong password generator * Personal data leak checker * Password leak checker * Website security checker * Ransomlooker * VPN speed test * Reviews * Antivirus software * Best VPN services * Password managers * Best ad blockers * Secure email providers * Best website builders * Best web hosting services * Follow * * * * * * * © 2023 CyberNews - Latest tech news, product reviews, and analyses. 1. Home 2. Security HELLO ALFRED APP EXPOSES USER DATA Updated on: 27 October 2023 * Paulina Okunytė Journalist -------------------------------------------------------------------------------- Image by Cybernews Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user data. Hello Alfred is a one-stop application allowing real estate developers and property managers to provide in-home services and maintenance to residents. It also enables landlords to collect rent in-app. Residents using the platform get an app-based personal assistant service for their apartments. A designated Hello Alfred employee handles the residents' home-related inquiries, such as managing weekly shopping, in-home delivery, or picking up dry cleaning. On September 19th, researchers discovered that the platform exposed sensitive user data. The leaked information included: * First and last name * Email address * Phone number * Home address * Authentication tokens * Private notes * App signup details, such as dates, IPs, cookies, and user agents * Partial payment information for paid users – including the last four digits of credit card numbers, expiry month/year, and Stripe IDs The owners of the app were informed about the leak and secured access almost immediately. Cybernews contacted the company for an official comment but received no reply at the time of writing. Launched nine years ago, the New York-based platform has publicly raised $56.5 million in funding and operates in over 20 cities in the US. In 2018, business magazine Fast Company selected the company as one of the Top 50 Most Innovative Companies in the World. Source: Cybernews PASSWORDLESS DATABASE The cause of the data leak was a publicly accessible MongoDB, a document-orientated database program. According to Bob Diachenko, the CEO of SecurityDiscovery and who first identified the leak, at least three IP addresses of the same database were left passwordless and indexed by public search engines. The exposure of sensitive data, including user names, contact information, authentication tokens, private notes, and partial payment information in a resident management software application raises significant concerns about user privacy and security. Source: Cybernews If the threat actors had taken advantage of the free access to Alfred’s user data, they could have potentially exploited it in various ways, including fraud, identity theft and impersonation. This makes the data breach a serious threat to both users and the application's integrity. The data leak greatly increases the risk of spearphishing attacks, as attackers could leverage user contact details and partial payment information to craft targeted attack campaigns, leading to financial scams. The four last digits of the credit card could potentially trick a victim into revealing the remaining banking information. -------------------------------------------------------------------------------- MORE FROM CYBERNEWS: Experts name essential skills to beat the robot takeover 23andMe data breach impacts its DNA Relatives feature Microsoft lure used in Webmail zero-day attack Video and Audio calls coming to X OpenAI, Microsoft, Google, Anthropic create $10M AI safety fund, appoint new director Subscribe to our newsletter Share Post Share Share Share -------------------------------------------------------------------------------- Editor's choice EDITORIAL Book review – Going Infinite: The Rise and Fall of a New Tycoon by Susan Morrow 03 November 2023 Sam Bankman-Fried is on trial for the biggest crypto fraud of all time, accused of stealing an astonishing $10 billion. Michael Lewis followed the Crypto King for eight months to give us an insight into a strange world where effective altruism went spectacularly wrong. Read more about Sam Bankman-Fried is on trial for the biggest crypto fraud of all time, accused of stealing an astonishing $10 billion. Michael Lewis followed the Crypto King for eight months to give us an insight into a strange world where effective altruism went spectacularly wrong. The man who found a world: detecting an exoplanet 02 November 2023 Exclusive: OSINT detectives discover crucial hints in the mystery of the teenager’s disappearance 01 November 2023 The hacker who breached NASA to prove that UFOs exist 31 October 2023 Boeing claimed by LockBit ransom gang 27 October 2023 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Leave a Reply Your email address will not be published. Required fields are marked Comment Name Email Privacy Policy Agreement I agree to the Terms & Conditions and Privacy Policy . Post comment * Categories * News * Editorial * Security * Privacy * Crypto * Cloud * Tech * Reviews * Antivirus Software * Password Managers * Best VPNs * Best VPN for iPhone * Secure Email Providers * Website Builders * Best Web Hosting Services * Tools * Password generator * Personal data leak checker * Password leak checker * Website security checker * Ransomlooker * VPN speed test * Coupon codes * ENGAGE * About Us * Send Us a Tip * Careers * Academy * * * * * * * * About Us * Contact * Send Us a Tip * Privacy Policy * Terms & Conditions * Vulnerability Disclosure © 2023 Cybernews – Latest Cybersecurity and Tech News, Research & Analysis. This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy . I Agree