Share this article on:
Almost half a million users of a popular real estate Android app have had their names and passwords exposed, according to new reports.
The app in question is the MyEstatePoint Property Search app, which was developed by Indian software developer NJ technologies. The majority of users are from the Indian market.
As initially reported by CyberNews, the MyEstatePoint Property Search app exposed customer data after it left a MongoDB server containing the details publicly accessible.
“This comprehensive dataset poses severe risks as threat actors could exploit the exposed information for unauthorised access, identity theft, fraudulent activities, and potentially compromise the privacy and security of the affected individuals,” said NJ Technologies.
Just over half a million users have downloaded the MyEstatePoint Property Search app on the Google Play Store, while the exposed server had the data of 497,000 users, meaning almost all users were affected.
The data included first and last names, plain-text passwords, mobile phone numbers, email addresses, sign-up methods, and users’ city and business descriptors.
The range of exposed data could lead to thousands of future attacks. These attacks could expand to other services as well, including financial and banking services, as many individuals reuse usernames and passwords for multiple accounts.
NJ Technologies has currently remained quiet on the incident. Furthermore, there is currently no evidence of any data being used by threat actors for malicious purposes.
Cyber Daily has reached out to NJ Technologies requesting comment on the incident.