TuneFab leaks 151 million records of users

TuneFab has caused a significant data breach involving more than 151 million records, including users' IP addresses, areas, user IDs, emails, and device information. The over 280GB of exposed data could be used by threat actors to enhance previously leaked data.

TuneFab is a software company that specializes in developing applications for converting audio tracks from streaming platforms into various audio file formats like MP3, M4A, WAV, FLAC, AIFF, AAC, and ALAC. Their applications are designed to download these files to users' devices, effectively bypassing digital rights protection. The company is registered in Hong Kong and has created at least eight apps dedicated to these services.

The breach is due to a misconfiguration in MongoDB, a document-oriented database platform. This misconfiguration left TuneFab's data without a password and open to public access.

The breach was discovered and indexed by public IoT search engines on September 26th, and the company was alerted by a researcher, leading to a swift resolution of the issue within 24 hours.

TuneFab has not yet provided an official response about the incident.