A porn-blocking app called BlockerX suffered a data leak that may have put vulnerable users at risk. On August 2nd, I discovered a non-password-protected database containing a large number of publicly exposed records. Among the discovered data are users' personal data, links to Amazon AWS with screenshots, quotes, and other unprotected and potentially critical data.
The exposed database contained
Details of the discovery:
Some of the user names appeared to be formatted in first and last names, and others were simply email addresses. These may have been added as a “username” by mistake, but they could potentially expose the real identity of the users.
There were links to Amazon AWS files such as BlockerX resource documents to help users, but I also saw user uploads like screenshots. The screenshots appeared to be in chronological order by date and then numbered. Hypothetically, this format would be easy to guess, allowing someone to go through each and every screenshot looking for sensitive data.
You can read the full summary of my findings and report here: Porn Blocking App Data Breach