We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

MyEstatePoint App Exposes Data of Half a Million Users

MyEstatePoint App Exposes Data of Half a Million Users
Author Image Keira Waddell
Keira Waddell Published on 9th January 2024 Senior Writer

The MyEstatePoint Property Search app (developed by NJ Technologies) has exposed the sensitive information of nearly half a million users. The popular Android real estate app left user data, including names, passwords, email addresses, and phone numbers, unprotected on a public-facing MongoDB server. With over half a million downloads, it seems that nearly every registered user with the app may have had their data exposed.

The breach was discovered by the Cybernews research team on November 6, 2023, when they identified an unprotected server related to the app that housed extensive user details. The exposed information comprised first and last names, plain-text passwords, email addresses, mobile phone numbers, city details, business descriptors, and signup methods.

This comprehensive dataset poses severe risks, potentially enabling threat actors to exploit the information for unauthorized access to accounts, identity theft, and fraudulent activities.

MyEstatePoint Property Search is a key player in India’s real estate mobile application market and serves a predominantly Indian user base. But despite the breach being patched, NJ Technologies has not responded to requests for comments. It remains unclear whether affected users have been informed of the potential risks to their privacy and security.

The exposed data raises concerns about the exploitation possibilities. Cybercriminals could leverage specific or combined details for identity theft, phishing attacks, financial fraud, and other scams. The use of plain-text passwords further escalates the risk, especially for users who reuse passwords across multiple accounts.

In light of this breach, MyEstatePoint Property Search app users are advised to change their passwords immediately, using complex and secure alternatives. Additionally, caution is recommended regarding phishing messages, as threat actors may use leaked personal data for social engineering attacks. Users are also encouraged to consider using dark web monitoring services to check if their data has surfaced on underground marketplaces and forums.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.