According to Verdict, Boomoji, an app that allowed iOS and Android users to create 3D avatars, has suffered a data leak that could have potentially compromised the personal data of more than 125 million people.
The leak was a result of two Elasticsearch – a search and analytics platform designed to manage and retrieve information – databases that were left unsecured without passwords. One based in the United States served Boomoji’s international users, while another based in Hong Kong served China.
According to TechCrunch, it was possible to find these databases by searching for a few specific keywords on Shodan, a search engine for open devices and databases.
According to Digitpol, OSINT searches have already pointed towards some major issues and a possible GDPR matter. Investigators will need to conduct a comprehensive investigation in line with authorities.