Connect with us

Hi, what are you looking for?

Tech & Science

Popular children’s story books service exposes millions of user records

Another example where a massive amount of personally identifiable information exposed on the Internet.

Mongolian pupils go back to school and end long education exile
Mongolian children have returned to the classroom after along a Covid-shutout - Copyright AFP/File Byambasuren BYAMBA-OCHIR
Mongolian children have returned to the classroom after along a Covid-shutout - Copyright AFP/File Byambasuren BYAMBA-OCHIR

An open and unprotected MongoDB database belonging to children’s story time application, FarFaria, has exposed the personally identifiable information of 2.9 million users. FarFaria is an application for “the perfect story time experience”.

Data breaches continue to rise, both in terms of the number of incidents and the financial value of those incidents. In total, data breach costs for the U.S. have risen from US$3.86 million in 2020 to US$4.24 million this year to date. This presents an approximate 10 percent increase

With the story book incident, the exposed personal data included emails, encrypted passwords, sign-in info, social media tokens and authentication tokens. The database has been secured, however the organization has not provided a comment. In the U.S., personal data is governed by the Privacy Act of 1974 (Pub.L. 93–579, 88 Stat. 1896, enacted 31 December 1974, 5 U.S.C. § 552a), a United States federal law, establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information.

Assessing the situation for Digital Journal is Anurag Kahol, CTO and co-founder of Bitglass.

Kahol places this breach in context of many others that have occurred, noting: “This is yet another example where a massive amount of personally identifiable information has been left exposed on the web without any authentication controls in place.”

What is also concerning is the demographic involved. Here Kahol comments: “Children are particularly at risk, as their exposed data can be easily stolen by threat actors and leveraged to commit identity theft or conduct highly targeted phishing schemes.”

There are future considerations from this incident. In particular, Kahol recommends: “When creating accounts for their children, parents should be able to trust that their data will be protected, which can only be done when businesses take a proactive approach to security”

In terms of taking robust action by using the best available technology, Kahol advises consideration of platforms like: “Multi-faceted cybersecurity platforms like secure access service edge (SASE) can provide organizations with critical capabilities like data loss prevention (DLP), multi-factor authentication (MFA), user and entity behavior analytics (UEBA) and cloud security and posture management (CSPM).”

Kahol concludes, making the key point: “These security technologies enable full visibility and control across all data centers and prevent exposure of sensitive data”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Cybersecurity tip: identify vulnerabilities and stop threats across the breadth of the network.

Tech & Science

We are approaching the final countdown to the Crew-5 Mission to the International Space Station at 12 p.m. EDT on Wednesday.

Business

One solution many aren’t thinking about is tapping their employees to be their biggest brand ambassadors.

Business

US authorities will require flight attendants be given an additional hour to rest between trips.