News Heading - 1

Android App MyEstatePoint Exposes Half a Million Users’ Data

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

The popular property search app, MyEstatePoint, exposed sensitive data of approximately half a million users, including email addresses.

The Android application developed by India-based NJ Technologies is known to have nearly 500,000 downloads, and over 497,000 users’ information is said to have been exposed in this breach. According to researchers at Cybernews , the leaked user data is almost equal to ‘’the number of times the app was downloaded.”

“This comprehensive dataset poses severe risks as threat actors could exploit the exposed information for unauthorized access, identity theft, fraudulent activities, and potentially compromise the privacy and security of the affected individuals,” the researchers said.

Although at the time of writing this article, the leak was patched; the team at NJ Technologies have not clarified or released any statements regarding the incident. Therefore, it remains unclear if the affected users have been notified of the breach and its impact on their security and privacy.

The breach as well as the possibility of the victims being in the dark, leaves them vulnerable to potential threats. Cybercriminals can use this information to defraud victims via phishing scams, identity theft, and financial fraud. The use of email addresses and plain-text passwords further increases the risks, especially if reused across multiple online accounts.

Keeping in mind the potential vulnerabilities, users of MyEstatePoint Property Search application should consider changing their passwords. To create complex and intricate passwords, one can either use password manager services or read through expert suggested articles. In addition, they should also exercise caution and prevent falling prey to various social-engineering attacks, including phishing texts, emails, and calls.

News Heading - 2

November 2023 Data Breach Leaves 1.3 Million FNF Customers Vulnerable

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Fidelity National Financial (FNF) confirmed around 1.3 million customers’ information may have been potentially exposed during the November 2023 cyberattack (claimed by AlphV/ Black Cat gang ).

The American Fortune 500 company provides title insurance and settlement service to the real estate and mortgage industries.

In a recent amended Securities and Exchange Commission (SEC) filing, it revealed that the attack, first identified on November 19, 2023, was successfully contained in seven days. Nevertheless, the containment efforts forced the firm to temporarily block certain IT systems, resulting in disruption of few business operations.

According to the filing, the company concluded a forensic investigation into the incident around mid-December. The investigation revealed that the ransomware attack involved the use of a non-propagating malware that exfiltrated certain data from its systems. This stolen data is believed to be the sensitive information of nearly 1.3 million customers.

“We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data,” the filing revealed.

Although FNF did not reveal any details of the compromised information, it is known to collect customer names, addresses, credit information, driver’s licenses, and financial account details.

It further went on to clarify that none of the connected customer-owned systems were impacted, nor had it received any customer reports regarding the incident. In addition to securing its network, FNF had also notified the concerned regulatory authorities and customers.

“The Company has notified its affected customers and applicable state attorneys general and regulators, [..]; is providing credit monitoring, web monitoring, and identity theft restoration services; and is fielding questions from consumers.”

It also stated that it does not believe that the incident will have any material impact on any of its businesses, and that it’s a defendant in several lawsuits related to the attack.