Astrology and spirituality website WeMystic recently suffered a data breach, exposing approximately 13.3 million user records in its open database, including 34GB of sensitive information. This discovery was first revealed by the Cybernews research team.
WeMystic provides content on astrology, mental health and mysticism, and has an online store selling a variety of products, serving Brazilian, Spanish, French and English-speaking users. It uses MongoDB to store large amounts of user data, including an open and passwordless database.
Although WeMystic has shut down the database, researchers found that data from the past five days was still accessible. The leaked information includes names, email addresses, dates of birth, IP addresses, gender, zodiac signs, and user system data.
This data breach could pose serious security risks. Attackers may use this information to conduct malicious activities such as identity theft, phishing, spam, and targeted advertising. Worse, they may even manipulate users based on their astrological beliefs, which undoubtedly poses serious risks to users’ privacy and security.