Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.
Discovered by security researchers Ran Locar and Noam Rotem, the database contains what appears to be the app’s entire data, from user personal details to activity logs.
Source: ZDNet