Android App MyEstatePoint Exposes Half a Million Users’ Data
The popular property search app, MyEstatePoint, exposed sensitive data of approximately half a million users, including email addresses.
The Android application, developed by India-based NJ Technologies, is known to have nearly 500,000 downloads, and over 497,000 users’ information is said to have been exposed in this breach. According to researchers at Cybernews, the leaked user data is almost equal to “the number of times the app was downloaded.”
Discovered on November 6, 2023, the leak is said to have occurred on a public-facing MongoDB server, and includes users’ first and last names, email addresses, plain-text passwords, phone numbers, addresses, business descriptors, and sign-up methods.
“This comprehensive dataset poses severe risks as threat actors could exploit the exposed information for unauthorized access, identity theft, fraudulent activities, and potentially compromise the privacy and security of the affected individuals,” the researchers said.
Although the leak had been patched at the time of writing, NJ Technologies has not clarified the incident or released any statement about it. It therefore remains unclear whether the affected users have been notified of the breach and its impact on their security and privacy.
The breach, together with the possibility that the victims are in the dark, leaves them vulnerable to potential threats. Cybercriminals can use this information to defraud victims via phishing scams, identity theft, and financial fraud. The exposure of email addresses alongside plain-text passwords further increases the risk, especially if the passwords are reused across multiple online accounts.
Given these risks, users of the MyEstatePoint Property Search application should consider changing their passwords. To create complex passwords, they can either use password manager services or read through expert-suggested articles. In addition, they should exercise caution to avoid falling prey to social-engineering attacks, including phishing texts, emails, and calls.