Image Credits: Bryce Durbin / TechCrunch
AngelSense, an assistive technology company that provides location monitoring devices for people with disabilities, was spilling the personally identifiable information and precise location information of its users to the open internet, TechCrunch has learned.
The company secured the exposed server on Monday, more than a week after it was alerted to the data leak by researchers at security firm UpGuard.
UpGuard shared details of the exposure exclusively with TechCrunch after AngelSense resolved the lapse. UpGuard has since published a blog post on the incident.
The New Jersey-based AngelSense provides GPS trackers and location monitoring to thousands of customers, according to its mobile app listing, and is touted by law enforcement and police departments across the United States.
According to UpGuard’s researchers, AngelSense left an internal database exposed to the internet without a password, allowing anyone to access the data inside using only a web browser and knowledge of the database’s public IP address. The database was storing real-time updating logs from an AngelSense system, which included the personal information of AngelSense customers, as well as technical logs about the company’s systems.
UpGuard said it found customers’ personal data, like names, postal addresses, and phone numbers in the exposed database. The researchers said they also found GPS coordinates of individuals being monitored — including associated health data about the tracked person, which included conditions like autism and dementia. The researchers also found email addresses, passwords, and authentication tokens for accessing customer accounts, as well as partial credit card information — all of which was visible in plaintext, UpGuard said.
It’s not known exactly how long the database was exposed nor how many customers were affected. According to the database’s listing on Shodan, a search engine of internet-facing devices and systems, AngelSense’s exposed log database was first spotted online on January 14, though it may have been exposed some time sooner.
AngelSense chief executive Doron Somer confirmed to TechCrunch that the company took the exposed server offline after initially identifying UpGuard’s first email as spam.
“It was only when UpGuard phoned us that the issue was raised to our attention,” Somer said. “Upon its discovery, we acted promptly to validate the information provided to us and to remedy the vulnerability.”
“We note that other than UpGuard, we have no information suggesting that any data on the logging system potentially was accessed. Nor do we have any evidence or indication that the information has been misused or is under threat of misuse,” Somer told TechCrunch, claiming that the data “was not sensitive personal information.”
Somer would not say if the company has the technical means to determine if there was any access to the unprotected server prior to UpGuard’s discovery.
When asked if the company planned to notify affected customers and individuals whose data was exposed, Somer said the company was still investigating.
“If notice to regulators or persons is warranted, we will of course provide it,” Somer said.
Somer did not respond to a follow-up inquiry by press time.
Database exposures are often the result of misconfigurations caused by human error, rather than malicious intent, and have become an increasingly common occurrence in recent years. Similar security lapses of exposed databases have resulted in the spill of sensitive U.S. military emails, the real-time leak of text messages containing two-factor codes, and chat histories from AI chatbots.