— Data Leak Existed for at Least 3 Months On #Mastodon —
According to the service, they registered that the misconfiguration existed on February 24. Subsequently, it is said to have taken only half an hour to fix the error. However, the question arises as to how long criminals had access to the exposed data. The service itself suspects that it existed since February 2. However, a user of the social network gives a different information. He reported that his data had already been exported on December 5. If this is the case, the leak would have lasted for more than three months. However, Rochko contradicted this information.
The CEO also revealed the exact number of people affected. If you add the users of Mastodon.social with those of Mastodon.online, which was also affected, you get more than 6,000 users. In addition, it was human error that led to the misconfiguration. The wrong setting was also found in other channels of the service. Of course, it was corrected there as well. Rochko told colleagues at Golem.de that no evidence of data access could be found in the archives. Nevertheless, access cannot be ruled out with absolute certainty.
SOURCE: https://basic-tutorials.com/news/major-data-leak-from-mastodon/