The in-home hospitality app exposed almost 170,000 user records, including sensitive personal data and partial payment information, due to a passwordless and publicly accessible database.

In-Home Hospitality App Hello Alfred Exposes User Data

Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user data. The leaked information included names, email addresses, phone numbers, home addresses, authentication tokens, private notes, and partial payment information. The cause of the leak was a publicly accessible MongoDB database with no password protection. The company has since secured access to the database. Hello Alfred is a New York-based platform that offers in-home services and operates in over 20 cities in the US.

Back to Home


  • No comments yet.