Over 275 Million Records Exposed by Unsecured MongoDB Database (May 8, 2019)
Security Discovery researcher Bob Diachenko has discovered a “MongoDB” database that was left unprotected for more than two weeks. The database contained 275,265,298 records of Personally Identifiable Information (PII) belonging to Indian citizens. The data includes date of birth, email, name, and professional details such as salary. The database, hosted on AWS, was stored in a passwordless instance and left unsecured by its owner, who is still unknown. The database is no longer available, as a threat group known as “Unistellar” took it offline.
Recommendation: It is crucial that any database, particularly one containing personally identifiable information, is secured and not available to the public. Data leaks can put individuals at considerable risk of phishing attacks. Actors can use the leaked information to coerce more personal data from the victim. Users should be cautious when receiving emails from unknown senders, because a leak of this sort can put them at a higher risk of spear phishing emails.