Dalil Data Breach Exposes Personal Data of 5 Million Users

Dalil, the popular Saudi Arabian mobile communication application with more than 5 million downloads, was found to have exposed user data in a MongoDB database to the internet. According to the researchers at vpnMentor, the root cause of the security breach was that Dalil gathered user data in an unsecured and unmonitored MongoDB database. Every user's information is accessible without any form of authentication.

By default, Dalil collects the following data from users from the initial setup:

– Cellphone number

– IP address

– Device model, token, serial number, and operating system

– Device IMEI

– SIM card and network provider information

– GPS and network location information

Additionally, users are given the option to include more information, such as email account, first and last name, gender, and even profession. All of the data mentioned above is stored in an unsecured database and is currently accessible to the public.

Dalil’s security breach raises major security concerns for the users of Dalil. Two major security issues that are likely to occur are targeted adware and malware. The critical information that has been exposed can be sold to advertisers, governments or even terror organizations that could direct targeted ads at those users. Another major concern is malware placement on user devices, as Dalil users’ phone information was leaked as well. Furthermore, vpnMentor researchers also discovered unusual app permissions, such as rerouting calls, which raises suspicion of surveillance by the Saudi government.

The lesson to take away from this breach is to be warier of agreeing to app permissions, regardless of the app’s popularity. We should always be more mindful and cautious of what information we are giving out to companies and applications in exchange for their services.

© InfoTransec – 2019 – All Rights Reserved | Privacy Policy