Al-Anon, an international support organization for families and friends of individuals with alcohol use disorder, had a dataset with more than 200,000 records from its users exposed by an unsecured MongoDB database over the last 15 days of July, Cybernews reports.
Information leaked by the misconfigured database included individuals' full names, emails, phone numbers, encrypted passwords, and verification tokens, as well as join dates and private chats, according to Cybernews researchers, who noted that severity of the leak even though Al-Anon immediate acted to secure the database upon reporting. "The exposure of not just personal data, but also private communications, represents a serious violation of user trust and could lead to emotional distress, identity theft, and other privacy concerns," said researchers, who recommended robust database authentication and encryption, comprehensive data audits, regular security evaluations, and breach notification transparency to prevent and mitigate data exposures.
