In-Home Hospitality App Hello Alfred Exposes User Data
Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user data. The leaked information included names, email addresses, phone numbers, home addresses, authentication tokens, private notes, and partial payment information. The cause of the leak was a publicly accessible MongoDB database with no password protection. The company has since secured access to the database. Hello Alfred is a New York-based platform that offers in-home services and operates in over 20 cities in the US.