The Location Data of Family Locator Users Was Publicly Available
The tracking of family members location via their smartphones can be executed online by anyone. The popular Family Locator app’s developers made a mistake that resulted in turning up the location of more than 238,000 users available in the public domain.
The details of users’ location, their names, addresses, emails, profile images, and passwords were stored on the unencrypted server. This troublesome finding was discovered by the cybersecurity researcher Sanyam Jain, contacting TechCrunch to fix the issue immediately and hide data from scammers. The journalists began their investigation, trying to find the evidence of integrity that all the data belong to the real people. Finally, they succeeded to contact one person who confirmed the relevance of the private geolocation details.
Right after that, the involved specialist made several attempts to get in touch with the React Apps company which designed the app, but it was all in vain. There was no contact information on the official site, and the emails sent via the contact form had no reply. All the unprotected data was stored in the cloud owned by Microsoft.
Accordingly, techcrunchers appealed to Microsoft to lock the server access in a bid to manage the breach.