Tokee Messaging App Exposes 1.2 Million Users’ Data in Unsecured Database
Security researchers at Cybernews discovered an unprotected MongoDB database belonging to Tokee, a messaging app developed by US-based software firm Deucetek, exposing sensitive data for approximately 1.2 million users. The incident, identified in recent weeks, revealed a trove of unencrypted personal information, including display names, phone numbers, profile avatars, device tokens, user IDs, account creation timestamps, activity logs, and account status flags (e.g., premium or non-premium).
While chat logs stored in the same database were encrypted using password-based OpenSSL encryption mitigating immediate risks researchers warned that the exposed metadata alone posed significant privacy, security, and regulatory threats. The database was accessible to anyone with knowledge of its location, though there is no evidence it was previously accessed by malicious actors or leaked to the dark web.
Tokee, which has over 1 million downloads on Android (Apple’s App Store does not disclose download figures), likely saw most of its user base affected by the breach. Following responsible disclosure, Deucetek secured the database. However, users remain at risk of phishing attacks, particularly from fraudulent messages impersonating Tokee or Deucetek. The incident underscores the potential consequences of misconfigured cloud storage in widely used applications.
Deucetek cybersecurity rating report: https://www.rankiteo.com/company/deucetek
"id": "DEU1778696634",
"linkid": "deucetek",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1.2 million users',
'industry': 'Technology/Software',
'location': 'United States',
'name': 'Tokee (Deucetek)',
'type': 'Messaging App'}],
'attack_vector': 'Misconfigured Database',
'customer_advisories': 'Users at risk of phishing attacks; advised to remain '
'vigilant against fraudulent messages impersonating '
'Tokee or Deucetek.',
'data_breach': {'data_encryption': 'Chat logs encrypted; metadata unencrypted',
'data_exfiltration': 'No evidence of data exfiltration',
'number_of_records_exposed': '1.2 million',
'personally_identifiable_information': 'Display names, phone '
'numbers, user IDs, '
'account creation '
'timestamps, activity '
'logs',
'sensitivity_of_data': 'High (phone numbers, user IDs, '
'activity logs, etc.)',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII), Metadata'},
'description': 'Security researchers at Cybernews discovered an unprotected '
'MongoDB database belonging to Tokee, a messaging app '
'developed by US-based software firm Deucetek, exposing '
'sensitive data for approximately 1.2 million users. The '
'incident revealed unencrypted personal information, including '
'display names, phone numbers, profile avatars, device tokens, '
'user IDs, account creation timestamps, activity logs, and '
'account status flags. Chat logs were encrypted, but the '
'exposed metadata posed significant privacy, security, and '
'regulatory threats. The database was accessible to anyone '
'with knowledge of its location, though there is no evidence '
'it was previously accessed by malicious actors or leaked to '
'the dark web.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'privacy risks',
'data_compromised': 'Display names, phone numbers, profile '
'avatars, device tokens, user IDs, account '
'creation timestamps, activity logs, account '
'status flags',
'identity_theft_risk': 'High risk of phishing attacks and identity '
'theft',
'legal_liabilities': 'Potential regulatory violations',
'systems_affected': 'Tokee Messaging App Database'},
'initial_access_broker': {'data_sold_on_dark_web': 'No evidence of data being '
'sold on the dark web'},
'investigation_status': 'Resolved (database secured)',
'lessons_learned': 'Importance of securing cloud databases and encrypting '
'sensitive metadata to prevent privacy risks and '
'regulatory violations.',
'post_incident_analysis': {'corrective_actions': 'Database secured; further '
'security measures '
'recommended (e.g., '
'encryption, access '
'controls, audits)',
'root_causes': 'Misconfigured MongoDB database '
'with no access controls'},
'recommendations': 'Implement proper access controls for databases, encrypt '
'all sensitive data, conduct regular security audits, and '
'monitor for misconfigurations.',
'references': [{'source': 'Cybernews'}],
'regulatory_compliance': {'regulations_violated': 'Potential GDPR, CCPA, or '
'other data protection '
'regulations'},
'response': {'containment_measures': 'Database secured after responsible '
'disclosure',
'third_party_assistance': 'Cybernews (security researchers)'},
'title': 'Tokee Messaging App Exposes 1.2 Million Users’ Data in Unsecured '
'Database',
'type': 'Data Breach',
'vulnerability_exploited': 'Unsecured MongoDB Database'}