US-based real estate app Tellus leaks thousands of user records and sensitive private messages.
The CyberNews research team has discovered that an app used by Tellus, a US-based real estate company, was storing user records and sensitive private messages in an unsecured Amazon Simple Storage Service bucket.
Tellus, a software company based in California, has launched its app to offer American landlords and tenants a convenient way to receive and pay rent money as well as keep all of their rent related data like personal information, rental listings and correspondence between tenants and landlords in one place. The data bucket that was used for the app contained 6,729 files that include chat logs, user records and transaction records left on a publicly accessible Amazon storage server.
It is currently not known for how long the data was left unprotected and it is unclear whether the hackers have accessed the unsecured data bucket until the issue was reported and closed by Tellus.
Experts warn that attackers who may have downloaded the files could use the information they have gathered to blackmail both tenants and landlords by threatening to publicise the sensitive content found in their private messages and transaction logs or use their information to engage in identity theft. The information could also be used to spam emails and phones and hack online bank accounts.