WeMystic, a popular platform specialising in astrology, numerology, tarot, and spiritual enlightenment, has caused significant concerns among its users after exposing its stored information.
Based on reports, the negligent data exposure impacted approximately 13.3 million user records. WeMystic is known for providing cosmic guidance and diverse spiritual products to users who seek advice through fortune telling.
However, the forum inadvertently exposed critical details: researchers uncovered an open and passwordless MongoDB database holding 34 gigabytes of sensitive data. The breach, though now closed, left users vulnerable for nearly a week, allowing unauthorised access to a wealth of personal details.
According to investigations, the exposed database is an integral part of the WeMystic platform’s infrastructure.
The confirmed data affected by the incident includes names, email addresses, dates of birth, IP addresses, gender, horoscope signs, and even user system data. Additionally, the breach primarily affected users across the linguistic spectrum, with the platform serving audiences in Portuguese, Spanish, French, and English.
Businesses commonly utilise MongoDB to manage extensive document-oriented information. However, WeMystic’s lapse in securing this database highlights the risks of insufficient data protection measures. Even if unintentional, the breach could still severely threaten every affected user, especially in this evolving digital age.
The exposed data, seemingly harmless at first glance, poses a substantial security threat since malicious actors could exploit these troves of data to execute targeted attacks. Hackers could use personal information, such as names, birthdates, and IP addresses, to generate sophisticated and personalised schemes, leveraging seemingly superstitious details to deceive and infiltrate targeted users.
This recent negligence should remind WeMystic to improve its cybersecurity protocols, since a failure to protect user data directly impacts its subscribers. Users seeking enlightenment and guidance on WeMystic now struggle with compromised personal data.
Therefore, they should now be vigilant and cautious with unsolicited communications since potential scammers or hackers could have acquired and used the data for malicious purposes.