AngelSense Data Leak: GPS Locations and Audio Recordings Exposed – Veri Sızıntısı
Live
Search
Company
About Founder's Note Press & Media Privacy Policy Terms of Service FAQ Brand Kit
Products
HUBOne HUBCorp Coming Soon Veri Sızıntısı Android Coming Soon Veri Sızıntısı iOS Coming Soon Veri Sızıntısı Huawei Coming Soon Breach Radar Argus Flow Argus Engine LivePlatform
Technologies
What is Argus AI? Try on HUBOne What is Argus Flow? What is Argus Engine?
Blog Contact

AngelSense Leak Exposes Most Vulnerable to Extreme Risk

The GPS tracking device AngelSense, designed for individuals with special needs, left a database exposed, leaking users' live locations, audio recordings, and passwords. The discovery by cybersecurity firm UpGuard has revealed the most private data of thousands of families.

The AngelSense logo and a GPS tracking device on a background graphic about a data breach.

What Happened

Imagine trusting a piece of technology to keep your most vulnerable loved ones safe—perhaps your child with autism or a parent with dementia. This technology tells you where they are, alerts you if they wander somewhere dangerous, and even lets you listen in during an emergency. Now, imagine that same technology left every single piece of that sensitive data on the internet, without a password, for anyone to see. This is the reality facing AngelSense users today.

On June 1, 2026, the cybersecurity research firm UpGuard published a report revealing that a massive database belonging to AngelSense, a company that makes GPS trackers for people with special needs, was completely open and accessible. UpGuard researchers discovered an Elasticsearch database used by the company was exposed to the public internet with no password or authentication required. This means even basic cybersecurity measures weren't in place. You didn't need to be a hacker to access it; anyone who knew the right address could easily get their hands on the most private information of thousands of users.

AngelSense has built its entire marketing strategy on safety and peace of mind. They sell families the comfort of knowing their loved ones are secure. This leak, however, has shown just how fragile that trust was. The company's most valuable asset—its user data—was as unprotected as a book left on a public library shelf for anyone to pick up and read. After discovering the situation, UpGuard immediately contacted AngelSense, and the company secured the database upon receiving the alert. But the question remains: how long was that door open, and who walked through it while no one was looking?

Has your email been leaked? Check for free — results in seconds.

Check Now →

The Data Exposed

What sets this breach apart is the nature of the stolen data. This isn't just another email and password leak. This is far more personal, far more intimate, and potentially far more dangerous. The exposed database contained:

  • User Information: Full names, email addresses, and home and mobile phone numbers of parents and guardians. This information is a goldmine for direct fraud and identity theft.
  • Plaintext Passwords: This is perhaps the most unforgivable part. The passwords users created to log in to their AngelSense accounts were stored without any encryption, in plain text. This means if your password was "password123," it appeared as "password123" in the database. Considering many people reuse passwords across multiple platforms, this puts not just their AngelSense accounts at risk, but potentially their entire digital life.
  • Device Information: The unique ID and serial number for each GPS device. This could make it easier to target a specific individual's device.
  • Real-Time Location Data: This might be the most terrifying data point. The live latitude and longitude coordinates of users. In other words, the exact location of the person wearing the device at that very moment. This would allow someone to track a child's every move at school, in the park, or at home.
  • Named Locations: The full addresses and geographic coordinates of places users saved in the app, such as "Home," "School," "Work," and "Therapist." This paints a complete picture of a person's daily routine, where they spend their time, and their entire lifestyle.
  • Alerts and Alarms: A log of all automated alerts, such as "Left School," "Arrived Home," or "Unexpected Stop." This provides a way to analyze a person's patterns of movement and any deviations from their routine.
  • Audio Recordings: AngelSense devices have a "listen-in" feature that allows guardians to listen to the device's surroundings in an emergency. The leaked database contained links to audio files recorded during these sessions. This means private conversations, a child's classroom lesson, or an adult's discussion with their doctor could have been intercepted by third parties. It is a profound violation of privacy at its most fundamental level.

How the Attack Happened

We're not talking about a sophisticated hacking operation or a state-sponsored cyberattack here. The reality is much simpler and all the more frustrating: Negligence. AngelSense used Elasticsearch, a popular database technology, to store customer data. These databases are quite secure when configured correctly. But there's a golden rule: a database exposed to the internet must have a password and access controls.

Apparently, AngelSense skipped this most basic rule. The database was configured in such a way that anyone on the internet could access it without any special software or skills. Researchers at UpGuard discovered this open server while scanning the internet with their tools. It was as easy as walking into a house with the door wide open and a sign that says, "Valuables Inside." Attackers could have found this database and copied all the data inside over a period of days or even weeks. Until the company secured it, that door remained open, and it's unknown who came and went.

This type of configuration error is surprisingly common in the world of cybersecurity, but for a company handling data of this sensitivity, it's an unacceptable failure.

Who Is Affected

The targets of this leak are some of the most vulnerable members of society. AngelSense devices are often used by individuals with autism, Asperger's, dementia, Alzheimer's, and other cognitive or developmental differences. These individuals and their families rely on this technology to ensure their safety and reduce the risk of them getting lost.

Those affected are not just the people wearing the devices, but also their families, guardians, and caregivers. This leak gives malicious actors an incredible amount of power. Knowing the exact route a child walks home from school or what time they play in the park every day provides a terrifying advantage for a potential kidnapper. Knowing where an elderly person with dementia lives and when they are alone makes them an easy target for fraud or theft. The leaked audio recordings could be used as blackmail material, in addition to violating family privacy. A product that families bought for "security" has turned into their biggest security nightmare. This leak didn't just steal data; it stole the peace of mind and sense of security of thousands of families.

What You Can Do

If you are or were an AngelSense user, there are steps you need to take right now. You need more than the classic "change your password" advice. This is serious.

  • Change All Your Passwords, Not Just for AngelSense: Because your password was leaked in plain text, you must immediately change the password on every single online account where you used it (email, social media, banking). Attackers routinely test email and password combinations from breaches like this on other major platforms. This is the most urgent step.
  • Review Your AngelSense Account Information: Log into your account and check the accuracy of your saved locations like "Home" and "School." Do you see any locations or alerts you don't recognize? Have any changes been made to your account settings, phone number, or email address? Make sure you are still in full control of your account.
  • Be on High Alert for Phishing and Scams: Attackers now have your name, email, phone number, and the knowledge that you use AngelSense. They can craft very convincing fake emails or text messages pretending to be from the "AngelSense Support Team" regarding the breach. They might ask you to click a link or provide more information. Do not trust any suspicious messages claiming to be from AngelSense. If you need to contact the company, do it directly through their official website.
  • Demand Answers from the Company: Don't settle for AngelSense's generic press release. As a customer, you have a right to know exactly which of your or your loved one's data was exposed. Email or call their customer service and ask how your account was specifically impacted by this breach and what additional steps they are taking to secure your data moving forward.
  • Re-evaluate the Listen-In Feature: The fact that audio recordings were leaked shows what a massive privacy risk this feature carries. Do you really need to use it? Does its benefit outweigh the potential risk? Perhaps disabling this feature could mitigate the impact of a potential future breach.

What the Company Is Saying

According to UpGuard's report, AngelSense acted quickly after being notified of the leak and secured the open database. In a public statement, the company confirmed they were alerted to a configuration error by a security researcher. The statement said, "The safety and privacy of our users is our highest priority. We immediately closed the unauthorized access to the database and have launched an internal investigation to determine the scope of the incident. We are directly contacting any users who may have been affected. We are deeply sorry for this incident and are working to further strengthen our systems." However, this statement leaves critical questions unanswered, such as how long the data was exposed and whether it was accessed by malicious actors during that time.

Source

https://www.upguard.com/breaches/angelsense-data-leak

Share This Article
X LinkedIn WhatsApp
← Previous Post Security Firm APIsec Leaks Its Own Customer Data Next Post → Spain Arrests Hacker Who Leaked Government Data

Weekly Newsletter

Curated data breach news delivered to your inbox every week.