California-based IT company DNA Micro exposed the private mobile phone data of over 820,000 customers due to a system misconfiguration. The leak affected customers using DNA Micro’s subsidiary, InstaProtek, which offers a screen warranty service, as well as screen protector and phone case manufacturers such as Liquipel and Otterbox. Sensitive data, including full names, addresses, phone numbers, email addresses, warranty claim status, phone models, and more, was exposed to the public for at least six months.
The leak poses significant risks: threat actors could exploit the exposed data to attack individual devices, disrupt services, or create phishing campaigns. Because home addresses were also exposed, customers are at particular risk of “doxxing” and “swatting.” DNA Micro has fixed the issue after being notified but has not provided an official comment as of now.
The exposure of International Mobile Equipment Identity (IMEI) numbers and personally identifiable information (PII) increases the risk of attacks. Threat actors could exploit IMEI numbers to disrupt mobile services or conduct malicious activities. The leak also raises concerns about malware attacks, with attackers using information about phone models to target devices and potentially track users’ locations.
Exposed phone numbers could also be exploited for spam, phishing campaigns, SIM swapping, or even tracking user locations.