Spotify music converter puts users at risk

TuneFab converter, used to convert copyrighted music from streaming platforms such as Spotify, Amazon’s Audible, or Apple Music, has exposed its users' private data.

Cybernews research showed that the platform has exposed more than 151 million parsed records with users’ IP addresses, userArea, userIDs, emails, and device info.

The leak was caused by a misconfiguration on MongoDB, a document-oriented database platform, that left TubeFab’s data passwordless and publicly accessible.

The private data leak was identified on September 26th and indexed by public IoT search engines on the same day. The researcher contacted the company about the leak, and the misconfiguration was promptly fixed. Total exposure time was no longer than 24 hours. The company has yet to respond to a Cybernews request for an official comment on the matter.

According to Bob Diachenko, a cybersecurity researcher who first identified the leak, more than 280GB of exposed data could assist threat actors in the enrichment of data from previous leaks.

The company is registered in Hong Kong. Across eight apps created by TuneFab, it provides services, often considered illegal, to convert audio tracks on streaming platforms into MP3, M4A, WAV, FLAC, AIFF, AAC, and ALAC formats and download files to users' devices, bypassing digital rights protection.

The service covers various streaming services, including Spotify, Apple Music, Amazon, Pandora, YouTube, Deezer, and Audible.

More from Cybernews:

Clash of Clans gamers at risk while using third-party app

Cybernews podcast unpacks 2023's AI odyssey

Hackers expose masses of personal data on dark web during Christmas

Google settles $5 billion consumer privacy lawsuit

Experts determine the perfect time to pop champagne on New Year's Eve

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked