From zdnet.com
Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.
Discovered by security researchers Ran Locar and Noam Rotem, the database contains what appears to be the app’s entire data, from user personal details to activity logs.
Details included in a sample reviewed by ZDNet revealed the database contained information such as: