Veeam Manages to Expose Data in MongoDB Snafu
(Sep 13, 2018)
Data management company Veeam suffered a data breach after a misconfigured MongoDB server exposed 445 million records, including email addresses and potential customer names, to the public. Security researcher Bob Diachenko discovered an Amazon-hosted IP address that was left exposed without a password from August 31 until September 9, 2018. The 200 gigabytes of data came from the company’s marketing automation team and included millions of files from between 2013 and 2017. As a result, information such as country, customer names, email addresses, organization size, recipient type, and others was public-facing. Following the breach, Veeam quickly secured the database server and released a statement saying that many of the files were duplicates, so the actual number of accessible emails and records is closer to 4.5 million.
Recommendation: It is crucial for your company to verify that access control is configured correctly before adding any sensitive data to a database. As this story shows, a misconfigured database can leak sensitive and non-sensitive information, which could be used for further malicious activity such as phishing and could cause significant harm to a company’s reputation. Databases should never be connected to the internet directly in the first place.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.