News
Massive data leak might have exposed locations of millions of Muslims online
December 2024 by CyberNews
The latest Cybernews research has discovered that an unprotected Elasticsearch server exposed over 3.6 million highly sensitive records belonging to the Quran Kuran app users. The app is developed by Sigma Telecom, an Istanbul-based telecommunications company. The data could have been used for unauthorized surveillance, as it was available to anyone on the internet, leaving the app users’ safety in danger.
This is especially concerning given that it is not the first time the Muslim community has been put at risk due to data collected by prayer apps.
What data was leaked:
• Geodata
• Device and network identifiers
• MAC addresses – a 12-digit hexadecimal number assigned to each device connected to the network
• IP addresses
• SIM serial numbers
• Carrier information
• Application details
“CCPA and GDPR consider information such as a person’s religious beliefs to be highly sensitive personal information. It is in the same sensitivity category as health data, financial data, criminal history, and passports, as opposing groups have historically used such information for discrimination and violence,” added Cybernews researchers.
What’s the impact of the leak?
The exposed data contained detailed personal and technical information, which could’ve been exploited for identity theft and other forms of cyber fraud by malicious actors.
Moreover, leaked sensitive details may threaten users’ privacy, leaving the religious community extremely vulnerable to surveillance and unauthorized tracking, as SIM serial numbers can be abused to track the locations of the app’s users during protests.
