Pierluigi Paganini December 02, 2023

WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms’ users.

Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The content platform WeMystic is a good example of this, with the Cybernews research team discovering that it exposed its users’ sensitive data.

WeMystic offers its users astrology, spiritual well-being, and esotericism alongside an online shop for natural stones, chakras, tarot cards, bracelets, and other products. The platform primarily serves Brazilian, Spanish, French, and English speakers.

According to our team, WeMystic left an open and passwordless MongoDB database containing 34 gigabytes of data related to the service as part of the MongoDB infrastructure.

Businesses employ MongoDB to organize and store large swaths of document-oriented information. While WeMystic has since closed the database, researchers said that the data was accessible for at least five days.

One of the data collections in the exposed instance, named “users,” contained a whopping 13.3 million records. The exposed records include:

• Names
• Email addresses
• Dates of birth
• IP addresses
• Gender
• Horoscope signs
• User system data

Our research team explains that the exposure of personal user data poses security risks for those involved since attackers may build on collected data to carry out targeted attacks, even getting creative with seemingly superstitious data.

Do you want to know the risks faced by users whose data has been exposed? Take a look at the original post at:

https://cybernews.com/security/wemystic-data-leak/

About the author: Vilius Petkauskas, Deputy Editor at CyberNews

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, WeMystic)