MyEstatePoint App Exposes Data of Half a Million Users
The MyEstatePoint Property Search app (developed by NJ Technologies) has exposed the sensitive information of nearly half a million users. The popular Android real estate app left user data, including names, passwords, email addresses, and phone numbers, unprotected on a public-facing MongoDB server. With over half a million downloads, it seems that nearly every registered user of the app may have had their data exposed.
The breach was discovered by the Cybernews research team on November 6, 2023, when they identified an unprotected server related to the app that housed extensive user details. The exposed information comprised first and last names, plain-text passwords, email addresses, mobile phone numbers, city details, business descriptors, and signup methods.
This comprehensive dataset poses severe risks, potentially enabling threat actors to exploit the information for unauthorized access to accounts, identity theft, and fraudulent activities.
MyEstatePoint Property Search is a key player in India’s real estate mobile application market and serves a predominantly Indian user base. Although the breach has been patched, NJ Technologies has not responded to requests for comment. It remains unclear whether affected users have been informed of the potential risks to their privacy and security.
The exposed data raises concerns about how it could be exploited. Cybercriminals could leverage specific or combined details for identity theft, phishing attacks, financial fraud, and other scams. The use of plain-text passwords further escalates the risk, especially for users who reuse passwords across multiple accounts.
In light of this breach, MyEstatePoint Property Search app users are advised to change their passwords immediately, using complex and secure alternatives. Additionally, caution is recommended regarding phishing messages, as threat actors may use leaked personal data for social engineering attacks. Users are also encouraged to consider using dark web monitoring services to check if their data has surfaced on underground marketplaces and forums.