AngelSense exposed location data and personal information of tracked users
AngelSense, an assistive technology company that provides location monitoring devices for people with disabilities, was spilling the personally identifiable information and precise location data of its users to the open internet, TechCrunch has learned.
The company secured the exposed server on Monday, more than a week after it was alerted to the data leak by researchers at security firm UpGuard.
UpGuard shared details of the exposure exclusively with TechCrunch after AngelSense resolved the lapse. UpGuard has since published a blog post on the incident.
The New Jersey-based AngelSense provides GPS trackers and location monitoring to thousands of customers, according to its mobile app listing, and is touted by law enforcement and police departments across the United States.
According to UpGuard's researchers, AngelSense left an internal database exposed to the internet without a password, allowing anyone to access the data inside using only a web browser and knowledge of the database's public IP address. The database was storing real-time updating logs from an AngelSense system, which included the personal information of AngelSense customers, as well as technical logs about the company's systems.
UpGuard said it found customers' personal data, like names, postal addresses, and phone numbers in the exposed database. The researchers said they also found GPS coordinates of individuals being monitored — including associated health information about the tracked person, which included conditions like autism and dementia. The researchers also found email addresses, passwords, and authentication tokens for accessing customer accounts, as well as partial credit card information — all of which was visible in plaintext, UpGuard said.
It's not known exactly how long the database was exposed nor how many customers were affected. According to the database's listing on Shodan, a search engine of internet-facing devices and systems, AngelSense's exposed logging database was first spotted online on January 14, though it may have been exposed some time earlier.
AngelSense chief executive Doron Somer confirmed to TechCrunch that the company took the exposed server offline after initially identifying UpGuard's first email as spam.
"It was only when UpGuard phoned us that the issue was raised to our attention," Somer said. "Upon its discovery, we acted promptly to validate the information provided to us and to remedy the vulnerability."
"We note that other than UpGuard, we have no information suggesting that any data on the logging system potentially was accessed. Nor do we have any evidence or indication that the data has been misused or is under threat of misuse," Somer told TechCrunch, claiming that the data "was not sensitive personal information."
Somer would not say if the company has the technical means to determine if there was any access to the unprotected server prior to UpGuard's discovery.
When asked if the company planned to notify affected customers and individuals whose data was exposed, Somer said the company was still investigating.
"If notice to regulators or persons is warranted, we will of course provide it," Somer said.
Somer did not respond to a follow-up inquiry by press time.
Database exposures are often the result of misconfigurations caused by human error, rather than malicious intent, and have become an increasingly common occurrence in recent years. Similar security lapses of exposed databases have resulted in the spill of sensitive U.S. military emails, the real-time leak of text messages containing two-factor codes, and chat histories from AI chatbots.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
20 minutes ago
- Yahoo
Second Italian journalist targeted with Paragon spyware, watchdog group says
By Raphael Satter LONDON (Reuters) -A second Italian journalist was recently targeted by software made by U.S.-owned surveillance company Paragon, internet watchdog group Citizen Lab said, raising new questions about a surveillance scandal that has already led Prime Minister Giorgia Meloni's government and Paragon to part ways. Citizen Lab said in a report on Thursday that Italian investigative journalist Ciro Pellegrino's iPhone showed evidence of having been targeted by Paragon's sophisticated spy software. Pellegrino works at the online newspaper Fanpage, whose editor-in-chief Francesco Cancellato earlier disclosed that he was one of scores of users who received January alerts from WhatsApp that they had been targeted using Paragon's technology. Fanpage has published a stream of critical coverage of Meloni's government, notably an exposé tying her party's youth wing to neo-Nazi activity, and the allegation that Fanpage's journalists, among others, were put under surveillance has stirred controversy in Italy. On Monday, the government and Paragon announced that they were no longer working together, offering conflicting explanations about who fired whom. Paragon referred questions back to an earlier statement it provided to the Israeli publication Haaretz in which it said it had offered Italian officials a way to check whether its systems had been used against Cancellato, but that Italian authorities had rebuffed the offer. Italian officials did not return a message seeking comment on the Citizen Lab report. In a text exchange with Reuters, Pellegrino said the discovery that he had been targeted with spyware was "horrible." The Naples-based journalist said his phone was "the black box of my life, which contains everything from personal and health data to journalistic sources." Although an Italian parliamentary panel reported on Monday that the country's spy services had deployed Paragon's tools to intercept the communications of migrant sea rescue activists in the context of law enforcement work, the panel said it had found no evidence that the tools were used by Italian intelligence to go after Fanpage's Cancellato. The discovery of Paragon spyware on the phone of one of Cancellato's colleagues adds to questions about the panel's thoroughness, said Natalia Krapiva, a senior lawyer with Access Now, a human rights group that works with spyware victims. "It sheds serious doubt on the adequacy of the investigation," she said. The Italian parliamentary panel, which has reserved the right to conduct further investigations around the matter, did not respond to a message seeking comment. In its report, Citizen Lab also said that an unnamed European journalist was hacked with Paragon's spyware. The lab, which is based out of the University of Toronto, offered no other details and declined to answer questions about the journalist's identity or the circumstances of their targeting.
Yahoo
20 minutes ago
- Yahoo
Tacoma ex-deputy police chief had ‘pattern of disrespect' to women, inquiry says
The Tacoma Police Department's former deputy chief, Paul Junger, wasn't fired for one egregious incident, an investigation report shows, but because of consistent demeaning behavior that created a hostile work environment for women. One instance, in which Junger downgraded a patrol officer's punishment for creating a meme that disrespected his commanding officer and three other women, was described as appearing to be part of a 'pattern of disrespect' to women. That pattern included belittling comments Junger made to Assistant Chief Crystal Young-Haskins, who brought a Human Resources complaint against him in November, weeks after she reported his behavior to former Police Chief Avery Moore. It also entailed questioning her judgment in front of her peers, interrupting her in meetings, not accepting her advice but taking it from men and undermining Young-Haskins by offering support to her in private but then withdrawing it in public. One witness said Junger's treatment was 'death by a thousand cuts.' Those are some of the findings outlined in a March 26 report authored by an attorney with the Seattle-based law firm Ryan, Swanson & Cleveland, PLLC detailing an investigation into Junger's behavior in the workplace. The 21-page report was released to The News Tribune through a public records request with some redactions. It determined that allegations of a hostile work environment and gender discrimination were true. Interim Police Chief Patti Jackson chose to terminate Junger's employment March 31 based on the external investigation. 'The evidence provided by [redacted] and other witnesses was of numerous incidents, actions and comments, most of which if taken individually would be considered unpleasant, derogatory and/or inappropriate, but would not, taken alone, constitute a hostile work environment,' the report states. 'However, the events and actions must be considered together, to show the 'totality of the circumstances.'' Junger did not respond to a request for comment about the investigation Tuesday. The report notes that after he returned to work from administrative leave last year, he apologized to several people individually for the way he had treated them. 'Junger explained that his leadership style is building trust and relationships, and so after being placed on administrative leave he felt this was the appropriate way to try and rebuild relationships with individuals in the department,' the report states. The witnesses who spoke to the investigator about the apologies were all Black women, according to the report, and several described it as an 'apology tour.' Most thought it was too little, too late, but one said Junger's apology felt sincere. As deputy chief and the department's second in command, Junger was responsible for assisting in the overall direction of the department's internal operations. He reported to the chief of police, and the department's three assistant chiefs reported to him. According to The News Tribune's salary database, his total pay in 2023 was $272,455.60 Young-Haskins also did not respond to a request for comment Tuesday. Although it was Young-Haskins who filed a complaint with the city's HR department, the investigator described how multiple women were subjected to discriminatory behavior. According to the report, three women who left the Police Department tied their departures, in part, to how Junger treated them. 'A witness who left the department after 35 years told me that she was treated extremely disrespectfully and condescendingly by Junger, including an incident where he was angry about something she and AC [redacted] had done, and he approached them, pointing his finger and saying 'You. Down the hall. NOW.'' Young-Haskins now leads the Investigations Bureau for the Police Department. She came to Tacoma in summer 2022 from Little Rock, Arkansas, where she served as the city's interim police chief. Junger joined the Tacoma Police Department around the same time from the Dallas Police Department, where he worked with Moore. Young-Haskins complained of Junger's harassing behavior about two years after she began working in Tacoma, but her emailed report to HR said the hostile work environment began shortly after she was hired. She said she feared coming forward about Junger because she wanted to be a team player and of a desire to do her job to the best of her ability. Not all of Young-Haskins' allegations about Junger were substantiated by workplace investigation. The claim that Junger engaged in race discrimination was not sustained, and allegations of age discrimination and that he retaliated against Young-Haskins were deemed to be unfounded. The report said it was difficult to determine whether race played a factor in Junger's treatment of employees, noting that the treatment was directed toward a white woman as well as several Black women, but it wasn't directed toward all white women in the department. Instead, the treatment seemed directed toward women who reported directly to Junger, and it appeared more aligned with gender differences. One man interviewed for the investigation recalled a time when Junger referred to the women assistant chiefs as 'the girls' in a private meeting in 2024 where no women were present. A man also reported that Junger commented to him that one of the women assistant chiefs wasn't really sick when she called out of work for a sick day. Young-Haskins reported that Junger gave her unequal treatment for her use of leave. The investigation found examples of male employees receiving less scrutiny for leave requests, and it described one incident that escalated to Junger contacting a deputy city attorney. That incident appears to have prompted Young-Haskins to report Junger's behavior to the police chief. In October 2024, according to the report, Young-Haskins was scheduled to attend a conference that required her to travel from Seattle to Boston. Her leave request was for the dates of the conference, Oct. 18-22, but she didn't include time needed to travel to and from the conference, which required an extra day before it started and after it ended. Young-Haskins notified the person who was covering for her that she needed the extra time, and she sent a memo via email about the correct dates of her absence, which Junger received, according to the report. On Oct. 23, while Young-Haskins was on her flight out of Boston, Junger emailed and texted her to ask her if she would be attending the one-on-one meeting they had scheduled that day. Young-Haskins tried to respond to the text, but it didn't go through, according to the report, and she wasn't able to respond to him until her plane landed hours later. When Junger was interviewed about that for the investigation, he said he believed Young-Haskins was 'AWOL' or absent without leave. According to the report, he repeatedly questioned her about the absence and talked to the deputy city attorney assigned to the Police Department. Young-Haskins asserted that Junger was being unreasonable and treating her differently than her male counterparts. 'She noted that when Junger did not know where one of his team members were, he would ask around, but never implied or stated that the person was AWOL,' the report states. When Junger was interviewed, he said he relied on the dates in the leave request, and, when she was absent, he was concerned. The day after Young-Haskins got back from Boston, she reported to Moore that she felt Junger had created a hostile work environment and subjected her to unlawful harassment, according to her email to HR. An embarrassing image depicting a caricature of Young-Haskins and three other women in the department was another subject of Junger's investigation because of his decision to downgrade the punishment of the patrol officer who made it. The investigation doesn't show the meme or describe it in detail, but an internal investigation about it reportedly found it was offensive to women and constituted insubordination toward one of the women it depicted. 'The creator of the meme was unapologetic about it and stated the women deserved it,' according to the report. A bureau-level reprimand was recommended for the patrol officer, which stays on file for five years. Typically the decision of whether to discipline an officer and how severe that punishment should be is up to the police chief, but Moore was on leave when the investigation concluded. Junger was entitled to make the decision himself as acting chief in the meantime, and he decided to instead give the officer who created the meme an oral reprimand, which stays on file for one year instead of five. That outcome 'surprised and upset' two people interviewed for Junger's workplace investigation. One said Junger's actions indicated the department doesn't support women in leadership. Another said his actions were a 'slap in the face.' Junger said he believed the five-year reprimand was too harsh, and he considered the fact that the patrol officer didn't have any prior disciplinary matters. Junger also said the officer would have to take some form of training, which he felt was consistent with the department's progressive discipline policy.
Yahoo
23 minutes ago
- Yahoo
Nvidia (NVDA) to Host Virtual Annual Shareholder Meeting on June 25
Nvidia (NVDA, Financials) said Wednesday it will conduct its annual shareholder meeting virtually on June 25, with voting and live Q&A available via a secure online portal for registered stockholders. Warning! GuruFocus has detected 4 Warning Signs with NVDA. The Santa Clara-based semiconductor company, which has surged to a $3.49 trillion market valuation, said the proxy materials for the meeting were filed with the U.S. Securities and Exchange Commission on May 13. A recording of the session will remain accessible through June 2026. The meeting comes as Nvidia continues to expand its role in AI infrastructure globally. This month, the company unveiled plans to build an industrial AI cloud platform in Germany and named Micron Technology the first supplier for its new memory solution, SOCAMM, designed for AI server workloads. Nvidia also recently partnered with Novo Nordisk to use AI in drug discovery and showcased video compression tools for autonomous vehicles at its GTC conference in Paris. The company's Gefion supercomputer and GPU stack are being leveraged for breakthroughs across biotech, robotics, and high-performance computing. Nvidia stock closed down 0.75% on the day of the announcement. This article first appeared on GuruFocus. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
