More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, Redis, MongoDB and others. Mobile Threat Team called the vulnerability HospitalGown and said the culprit behind the threat are misconfigured backend storage platforms including Elasticsearch and Redis. Attacks can quickly escalate and personal information could easily be leveraged in a spear phishing attack or brute force attack, researchers said. The problem is a byproduct of insecure database instillations that made headlines in February.
Source: https://threatpost.com/insecure-backend-databases-blamed-for-leaking-43tb-of-app-data/126021/