Angelsense, an auxiliary technology company that provides location monitoring devices for people with disabilities, diffuses personal information and exact location data of its users on the Open Internet, TechCrunch has learned.
The company secured the exposed server on Monday, more than a week after the data leak was notified by the UPGUARD security company.
UPGUARD shared details of the report exclusively with TechCrunch, as Angelsense was resolved. UPGUARD has Since then she has posted a blog post In the incident.
New Jersey -based Angelsense provides GPS tracking and location monitoring to thousands of customers, according to In the mobile apps listand is offended by law enforcement and police stations in all the United States.
According to UPGUARD researchers, Angelsense left an internal database on the Internet without a password, allowing anyone to access the data using only one web browser and knowledge of the public database’s IP address. The database stores real -time update recordings from an Angelsense system, which included the personal information of Angelsense customers, as well as technical logs for the company’s systems.
UPGUARD said it found customer personal data, such as names, postal addresses and telephone numbers in the exposed database. Researchers said they also found GPS coordinates that people were being monitored – including relevant health information about the detected person, which included conditions such as autism and dementia. The researchers also found email addresses, passwords and identity to access customer accounts, as well as a few credit card information – which were visible to Plaintext, UPGUARD said.
It is not known how long the database was exposed nor how many customers were affected. According to the registration of the Database in Shodan, a search engine and systems searching on the internet, the exposed Angelsense record database was first detected on the Internet on January 14, although it may have been exposed at some point earlier.
Angelsense CEO Doron Somer confirmed to TechCrunch that the company took the exposed offline server after initial recognition of the first UPGUARD email.
“Only when the upguard phoned us that the issue was put on our attention,” Somer said. “During his discovery, we immediately acted to validate the information provided to us and correct the vulnerability.”
“We note that in addition to UPGUARD, we do not have information indicating that data on the recording system may have access. Neither do we have any evidence or indication that data has been abused or threatened to abuse,” Somer told Techcrunch, arguing, arguing, arguing, arguing. that the data “was not sensitive personal information”.
Somer would not say whether the company has the technical means to find out if there was access to the non -protected server before the UPGUARD discovered.
When asked if the company was planning to notify affected customers and the people whose data was exposed, Somer said the company was still investigating.
“If the notice to the regulators or persons is justified, of course we will provide it,” Somer said.
Somer did not respond to a surveillance survey until the press time.
Database reports are often the result of misinterpretations caused by human error rather than malicious intent and have become increasingly common in recent years. Similar security losses to the exposed databases have led to the leak of sensitive US military emails, the leakage of real -time text messages containing two -factor codes and AI chatbots conversation stories.
