From zdnet.com
![Dalil app](https://zdnet3.cbsistatic.com/hub/i/2019/03/05/6a5fe932-025f-438a-a6a1-c65e342c0757/ad382751b7e86e19a149467178efe6a0/dalil.jpg)
Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.
Discovered by security researchers Ran Locar and Noam Rotem, the database contains what appears to be the app’s entire data, from user personal details to activity logs.
Details included in a sample reviewed by ZDNet revealed the database contained information such as: