Sen said that data leaked from over 4.6 million devices contributed to the database – and every time someone uses any of these apps, it gathers even more information. What’s more worrying is a bad actor can track someone’s live location through the database. t registers an entry of longitude and latitude every time a user logs into one of these apps. The database is hosted on servers run by Aliyun Computing, a subsidiary of Alibaba. However, the researcher said the company’s not involved or responsible for the leak. TNW has received screenshots of entries in the database, and they appear legitimate. Sen’s team believes a single marketing agency for mobile apps could be liable for the leak. But it’s not clear how or why said agency is leaking the data. These apps are also leaking other sensitive information like loan records and details, risk management data, transaction details, and personal info. Plus, there’s information about their devices including a detailed list of contacts, SMS logs, IMEI numbers, stored app data, and memory data. SafteyDetective’s team said that all this data can be used to steal someone’s identity: There’s no detail on who’s the owner of the database as of yet. We’ve contacted Alibaba for more details, and we’ll update the post accordingly.
