My Estate Point

A publicly accessible MongoDB server with the private information of its customers was left behind by the all-in-one real estate software MyEstatePoint Property Search.

Data on approximately 497,000 users was available on the exposed server, nearly exactly matching the total number of downloads for the program.

The exposed instance contained sensitive app users’ details, like, first and last names, email addresses, plain-text passwords, mobile phone numbers, City, business descriptors, and signup methods.

Source: https://securityaffairs.com/156939/security/myestatepoint-property-search-android-app-leaks-user-passwords.html

"id": "MYE6327124",
"linkid": "my-estate-point",
"type": "Data Leak",
"date": "01/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"