Saudi Caller ID App (Dalil) Exposes 5 Million Users via Unprotected Database

Published on March 6, 2019
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

A Saudi caller ID app named “Dalil” that has been downloaded by over 5 million people has been leaking its users’ data for over a week now, with the unprotected MongoDB database being still available online and wide open for anyone to access. The researchers who discovered the particular database are Noam Rotem and Ran Locar, and despite their efforts in reaching out to the app developers, they have failed to receive a response. The data that is accessible is highly sensitive, including the personal details as well as the activity logs of all users, such as full name, email, Viber account, device IMEI, SIM number, MAC address, GPS coordinates, and more.

As the app is mainly targeted to Saudis, the majority of the affected users are from Saudi Arabia, but a few Israeli, Egyptian, Emirati, and Palestinian numbers are also to be found in the unprotected database. The information that is currently available to anyone allows for the seamless tracking of the compromised accounts, as the GPS coordinates expose the position of the owners in real time. This means that it is imperative for all existing users to stop using Dalil, and uninstall it from their devices. As seen in the accessible database, former users are wiped out, and only active user accounts are still logged. This shows that the open database is connected to the “main operation” server, getting daily updates and currently counting over 585 GB of data.

As Ran Locar told ZDNet, in the last month alone, Dalil had 208,000 new user registrations, so everything is operational as if nothing is wrong. In fact, the researcher has discovered that at some point, a threat actor accessed the database and proceeded to encrypt some of the data. The developers of Dalil didn’t notice the breach, nor the ransom note that the actor left behind. Characteristically, they continued using the same database to store new user data and activity logs, allowing for a similar attack to take place in the future. Whether the Dalil app developers are irresponsible, incompetent, or have simply left their project on autopilot mode doesn’t really matter. The main point is for the Dalil users to be informed of the fact that their location data, as well as other highly sensitive information, is openly available to anyone in real time, and that they need to stop using it immediately.

Are you using, or have you ever used Dalil in the past? Share your experience in the comments section below. Also, help us spread the word by sharing this post through our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: