Usernames, emails, and hashed passwords are still exposed

Mar 16, 2016 20:05 GMT

MacKeeper security researcher Chris Vickery has discovered a database belonging to an abandoned iOS app that's easily accessible via the Internet, exposing the personal details of over 198,000 users.

The Kinoptic iOS app allowed users to create cinematic slideshows of their photos, piece multiple photos into a video-like slideshow, and even animate smaller portions of one photo, all for the purpose of sharing with their friends and family.

The app launched in 2012. By the end of 2015, after failing to garner a bigger following, it was removed from Apple's App Store, and its website went offline in the early days of 2016.

Now, security researcher Chris Vickery, who has made a habit of searching the Internet for exposed MongoDB databases, says that the MongoDB database associated with this app has remained online, despite Kinoptic's shutdown.

Kinoptic developers left MongoDB online after shutting down the app

Instead of powering down and scrapping the database, as developers usually do with discontinued apps, Kinoptic's developers simply abandoned their service, leaving it as it was.

Mr. Vickery says that this database is exposed online via a default MongoDB configuration that allows anyone to access its content without any authentication.

Exposed data includes usernames, email addresses, and hashed passwords, along with other details stored in Kinoptic profiles.
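
For operators checking their own deployments, the following added example (not from the article or from Kinoptic) audits a mongod.conf for the two conditions described above: access control not enabled, and a listener on a publicly reachable address. The sample configs, finding labels and function names are constructed for illustration; `net.bindIp` and `security.authorization` are MongoDB's own configuration keys.

```python
import ipaddress

# Constructed mongod.conf samples (not taken from the Kinoptic server).
EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0   # listens on every interface
"""
HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""

def flatten(text):
    """Flatten simple nested 'key: value' YAML into dotted keys."""
    stack, flat = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    """Report the two settings that together leave a database open to anyone."""
    conf, findings = flatten(text), []
    if conf.get("security.authorization") != "enabled":
        findings.append("no-auth")  # hypothetical label: no login required
    bind = conf.get("net.bindIp")
    if bind is None:
        findings.append("bind-unset")  # default depends on the mongod version
    for addr in (bind or "").split(","):
        try:
            ip = ipaddress.ip_address(addr.strip())
        except ValueError:
            continue  # hostname or socket path: not judged here
        if ip.is_unspecified or ip.is_global:
            findings.append("public-bind:" + str(ip))
    return findings

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(text))
```

A config that enables authorization but leaves `net.bindIp` unset is still reported, because older mongod builds listen on all interfaces unless told otherwise.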

Apple didn't want to help the researcher track down Kinoptic's devs

But this isn't the worst news that Vickery delivered yesterday. He says that there is no way to get in contact with the app's developers, which means this data will remain online until the database is powered down or the developers stop paying their server bills.

Besides contacting the app's authors via support email addresses listed in earlier versions of the app, Vickery has even gone as far as to contact Apple's App Store team for details about Kinoptic developers.

Apple unapologetically washed their hands of the whole thing, saying that because the app is not listed on their App Store anymore, they just don't care.

The only thing former Kinoptic users can do right now is to change the passwords on any other accounts where they have used the same passphrase.

Screenshot of the Kinoptic database