More than 100 million records readers and writers of the GoodNovel and Webfic applications, dedicated to fiction novels, have been exposed on an unsecured server, revealing sensitive information such as behavioral analysis, contract details and narrative outlines of the projects.
GoodNovel and Webfic are two very popular platforms globally among the community of fiction and fanfiction novel readers, which give new writers the opportunity to publish their texts. Both have millions of installations on Android.
An insecure Elasticsearch server has exposed a database of more than 1.5TB, that contained more than 101 million records of the users of these platforms, unencrypted and accessible from the open internet.
Identified by Cybernews researchers, the database contains information such as usernames, emails and password hashes. From the readers they have leaked device metadata from which they connect, as well as reading history, Shelf activity and logs of interactions. Also a behavior analysis.
In the case of writers, of whom 257,663 records have been found, information regarding signing contracts with publisherswhich includes physical addresses and government documentsas well as details of the contract, payment information and the works to be published, including narrative schemes.
Cybernews warns that affected readers and writers are exposed identity theft, financial fraud or intellectual property theftas indicated in a statement shared on their blog.
To those affected, they recommend change passwords of your GoodNovel and Webfic accounts and implement multi-factor authentication. Also pay attention to suspicious emails already irregular movements in your bank accounts.