Hello Alfred app leaks user data
Learn More
"Hello Alfred" is sn application designed for real estate developers and property managers to offer in-house services, maintenance, and rent collection to their tenants. Founded almost a decade ago, "Hello Alfred" is headquartered in New York. It has successfully garnered $56.5 million in public funding and has expanded its services to over 20 cities across the United States.
On September 19th, there was a report that sensitive user data on the platform was exposed. The root cause of this data leak was traced back to an unprotected MongoDB. The security researchers who initially detected the breach, noted that at least three IP addresses associated with this database were publicly accessible, not secured with passwords and were easily searchable on public search engines.
This exposed data encompassed:
- names,
- contact information,
- authentication tokens,
- private notes,
- partial payment information
The company managing Hello Alfred was informed about this leak and took action to secure the exposed data. Unfortunately, they haven't commented publicly on the data leak nor made any disclosure about the number of affected individuals or the time period the data was exposed.
