30M protected links exposed by ‘safe’ link-sharing provider

December 2024 by CyberNews

The latest Cybernews research shows that a safe linking service accidentally leaked millions of links that were meant to be private and exposed who created them. Researchers discovered that Safelinking.net, a platform designed to protect and manage links, had publicly leaked a tremendous amount of user data that was supposed to be protected.

Apart from making 30 million private links public, the platform also exposed the account data of over 156,000 users.

Safe linking services allow you to create protected links with various safety controls, such as passwords, PINs, IP address limitations, or real-time URL scanning, to secure access and protect users from malicious links.

Microsoft and Google integrated safe linking into their products long ago. For those who do not subscribe to the tech giants’ solutions, there are platforms on the internet that provide similar services. However, using third-party services can pose risks, particularly when human error occurs.

What data was leaked?

• Usernames
• Emails
• Encrypted password with salt and API hashes
• Notification settings
• Security settings associated with the links
• Social media account IDs
• Protected links

Malicious bots find the data

The leak was caused by a poorly configured and passwordless MongoDB database. After investigating the leak, the research team discovered traces of malicious bots that had already targeted the unprotected database.

Misconfigured MongoDB databases are often targeted by automated bots, which insert README notes containing a ransom demand. If the database owner does not pay, the bots destroy the database’s content by sending a “delete” command.

Such a note was discovered in the leaked database belonging to Safelinking. The note demanded payment of 0.0057 BTC, which at the time of publishing, was nearly $660. “In 48 hours, your data will be publicly disclosed and deleted,” reads the ransom note.

Following the ransom demand, a malicious bot destroyed the open database, which is no longer publicly available. We have contacted the company for a comment, but we have yet to receive a response.
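The root cause described above, a passwordless MongoDB reachable from the internet, comes down to two settings in mongod.conf. The following is an added example (not code from Cybernews or Safelinking) that audits a mongod.conf text for those two settings; the weak and hardened configs are constructed samples, not Safelinking's actual configuration.

```python
"""Audit a mongod.conf for the two settings whose absence lets automated
scanners reach a database, read it, leave a ransom README and drop it:
security.authorization and net.bindIp / net.bindIpAll."""

# Constructed sample: an internet-exposed instance with no authentication
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # listens on every interface
"""

# Constructed sample: authentication required, loopback only
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

def parse_mongod_conf(text):
    """Minimal parser for the two-level 'section:\\n  key: value' YAML that
    mongod.conf uses; strips comments, ignores deeper nesting."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not raw.startswith((" ", "\t")):          # top-level key
            section = key
            conf[section] = value.strip() if value.strip() else {}
        elif isinstance(conf.get(section), dict):     # nested key
            conf[section][key] = value.strip()
    return conf

def audit_mongod_conf(text):
    """Return a list of findings; an empty list means both checks passed."""
    conf, findings = parse_mongod_conf(text), []
    security = conf.get("security", {})
    if not isinstance(security, dict) or security.get("authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': unauthenticated "
                        "clients can read, insert and drop collections")
    net = conf.get("net", {}) if isinstance(conf.get("net"), dict) else {}
    bind = [a.strip() for a in net.get("bindIp", "127.0.0.1").split(",")]
    if net.get("bindIpAll") == "true" or any(a in ("0.0.0.0", "::") for a in bind):
        findings.append("net.bindIp exposes the port on all interfaces; bind to "
                        "loopback or an internal address and firewall 27017")
    return findings
```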
