Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server


Database is still available online after failed attempts to contact the app maker.

Image: Dalil app (credit: ZDNet)

Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.

Discovered by security researchers Ran Locar and Noam Rotem, the database contains what appears to be all of the app’s data, from users' personal details to activity logs.

Details included in a sample reviewed by ZDNet revealed the database contained information such as:
