A single misconfigured database has exposed more than two million user records on LectureNotes Learning App, a platform for sharing class notes.
Back in December, researchers from Cybernews discovered a misconfigured MongoDB database belonging to LectureNotes. The database was still being updated in real time and exposed the personal and access data of users and app admins.
According to Cybernews, over 2 million user records were compromised. The leaked data included usernames, personal names, emails, encrypted passwords, phone numbers, IP addresses, session tokens, and even some administrators’ authorization details.
The researchers claim: “The exposure of session tokens poses a severe threat, potentially allowing a potential attacker to illicitly access user sessions without requiring passwords. Furthermore, the compromised administrator authorization details, including IDs and secrets, elevate the risk by providing unauthorized access to privileged accounts, possibly leading to malicious activities and unauthorized control over the platform’s functionalities.”
In practice, an exposed session token can be replayed to take over a user's session without the password ever being entered. Leaked admin credentials could likewise be used to deploy ransomware, run phishing campaigns, and cause other potentially significant damage.
The issue was fixed two days after it was disclosed, and the researchers attribute the leak to a misconfigured MongoDB database that was left public, adding that the whole situation could have been prevented with proper authentication and access controls.
MongoDB stores data in a flexible, JSON-like document format and is a popular NoSQL database choice. Its default settings lack strong security controls, and administrators frequently overlook hardening them.
“The rule of thumb for MongoDB administrators is always to enable authentication and ensure that only authorized users can access the database. Using strong passwords and keyfile authentication improves security,” the researchers advise. They also recommend deploying monitoring to detect unusual activity or potential security incidents, with alerts on suspicious events so that teams can respond quickly.
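A quick audit of the settings the researchers single out, as an added example that is not code from the article or from Cybernews: the script parses a mongod.conf and flags an instance that accepts unauthenticated access, listens on every interface, or runs a replica set without a keyfile. Both configuration samples are constructed for this illustration, and the parser handles only the plain `key: value` subset that mongod.conf normally uses.

```python
"""Flag the mongod.conf settings that turn a database into a public dump.

Added example, not code from the article or from Cybernews. The parser below
covers nested 'key: value' YAML (no lists or anchors) so that no third-party
YAML library is required. Both configs are constructed samples.
"""

WEAK_CONF = """# constructed sample: the shape of config behind an exposed database
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled
"""

HARDENED_CONF = """# constructed sample: authentication on, listener restricted, keyfile set
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
  keyFile: /etc/mongodb/keyfile
replication:
  replSetName: rs0
"""

def parse_simple_yaml(text):
    """Parse indentation-nested 'key: value' lines into nested dicts."""
    root, stack = {}, [(-1, {})]
    stack[0] = (-1, root)
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                                  # blank line or comment
        indent = len(raw) - len(raw.lstrip())
        while indent <= stack[-1][0]:                 # leave deeper mappings
            stack.pop()
        key, _, value = stripped.partition(":")
        parent, value = stack[-1][1], value.strip().strip("'\"")
        if value == "":                               # mapping header, e.g. "net:"
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value
    return root

def get(cfg, path, default=None):
    """Look up a dotted path such as 'security.authorization'."""
    node = cfg
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def audit_mongod_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = parse_simple_yaml(text), []
    if get(cfg, "security.authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': anyone who can "
                        "reach the port can read and write every collection")
    bind_ips = get(cfg, "net.bindIp", "127.0.0.1").split(",")   # localhost is the default
    if get(cfg, "net.bindIpAll") == "true" or any(ip.strip() in ("0.0.0.0", "::", "*") for ip in bind_ips):
        findings.append("net.bindIp listens on all interfaces: restrict it to the application network")
    if get(cfg, "replication.replSetName") and not get(cfg, "security.keyFile"):
        findings.append("replica set without security.keyFile: members do not authenticate to each other")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["ok"])
```

The same checks are worth running against the live instance with `db.serverCmdLineOpts()` from an admin session, since a file on disk can differ from the options the running process was started with.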