Popular children’s storybook service exposes millions of user records

Mongolian children returned to class after a Covid shutdown – Copyright AFP / File Byambasuren BYAMBA-OCHIR

An open and unprotected MongoDB database owned by the children’s storytime app, FarFaria, has exposed personally identifiable information 2.9 million users. FarFaria is an app for “the perfect storytime experience”.

Data breaches continue to increase, both in terms of the number of incidents and the financial value of those incidents. In total, the data breach costs for the United States have grown from $ 3.86 million in 2020 to $ 4.24 million this year to date. This represents an increase of about 10 percent

With the storybook incident, the personal data exposed included emails, encrypted passwords, login credentials, social media tokens, and authentication tokens. The database was secured, but the organization did not provide a comment. In the United States, personal data is governed by the Privacy Act of 1974 (Pub.L. 93-579, 88 Stat. 1896, enacted December 31, 1974, 5 USC § 552a), a federal law of the United States, establishes a Code of Fair Information Practice which governs the collection, maintenance, use and dissemination of personally identifiable information.

Assess the situation for Digital journal is Anurag Kahol, CTO and co-founder of Bitglass.

Kahol places this breach in the context of many others that have occurred, noting, “This is yet another example where a massive amount of personally identifiable information has been left exposed on the web without any authentication checks in place. “

What is also worrying is the demographics involved. Here, Kahol comments: “Children are particularly at risk because their exposed data can be easily stolen by malicious actors and exploited to commit identity theft or carry out highly targeted phishing schemes. “

There are future considerations of this incident. In particular, Kahol recommends: “When creating accounts for their children, parents need to be able to be confident that their data will be protected, which can only be done when companies take a proactive approach to security.”

In terms of taking robust action using the best available technology, Kahol advises considering platforms such as: Factor-Based Authentication (MFA), User and Entity Behavior Analysis (UEBA) and Cloud Security and Posture Management (CSPM).

Kahol concludes by emphasizing the key point: “These security technologies allow complete visibility and control over all data centers and prevent the exposure of sensitive data.”