Cybernews researchers have found that Tokee, a video and text messaging app, has leaked the details of 1.2 million user profiles, which represents the vast majority of the app’s user base. The exposed data was stored in a MongoDB database, a popular service businesses use to store and process large volumes of data.
Here’s the data that was leaked:
- User display names;
- Phone numbers (stored as numeric values);
- Profile avatars (hosted on Firebase Storage);
- Device tokens used for push notifications;
- User IDs;
- Account creation and update timestamps;
- “Last seen” activity indicators;
- Account status flags (e.g., premium/non-premium);
- The exposed database appears to have stored Tokee’s chat messages, but our researchers say the messages were encrypted.
After the Cybernews team contacted the company and the responsible authorities, the exposed database was taken offline.
Attackers could exploit the data to track and profile user activity and use leaked tokens for targeted phishing and spam campaigns, increasing cybersecurity risks for app users.
For more information, here’s the full report:
https://cybernews.com/security/tokee-messaging-app-data-leak
Related
This entry was posted on May 12, 2026 at 10:20 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Messaging app leaks details of 1.2M profiles online including names and phone numbers
Cybernews researchers have found that Tokee, a video and text messaging app, has leaked the details of 1.2 million user profiles, which represents the vast majority of the app’s user base. The exposed data was stored in a MongoDB database, a popular service businesses use to store and process large volumes of data.
Here’s the data that was leaked:
After the Cybernews team contacted the company and the responsible authorities, the exposed database was taken offline.
Attackers could exploit the data to track and profile user activity and use leaked tokens for targeted phishing and spam campaigns, increasing cybersecurity risks for app users.
For more information, here’s the full report:
https://cybernews.com/security/tokee-messaging-app-data-leak
Share this:
Like this:
Related
This entry was posted on May 12, 2026 at 10:20 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.