Blog

Iranian Ride-Hailing App Database Exposure

On April 18th, during our regular security audit of nonSql databases with BinaryEdge search engine, I have discovered an open and publicly available MongoDB instance which contained astonishingly sensitive information on Iranian drivers. Information was…

Like this story? Please share it!



Auchan France Left Digital Keys Exposed

On March 21, 2019, I have discovered a publicly available service instance which appeared to contain credentials and login details to Auchan E-Commerce infrastructure. IP with Marathon and Zookeeper instances was indexed by public search…

Like this story? Please share it!





Delhi Citizens Data Leak

On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals…

Like this story? Please share it!


Large eAccounting Data Breach in Mexico

On January 22, 2019, we have identified a passwordless MongoDB database with almost 5 Million records labeled as CFDI  (short for Comprobantes Fiscal Digital por Internet) – the electronic billing schema defined by the Mexican federal tax…

Like this story? Please share it!

Document Management Company Left Credit Reports Online

On January 10th, I identified an unprotected Elasticsearch cluster which contained 51 GB of what appeared to be OCR (Optical character recognition) credit and mortgages reports, with total number of records in the database more…

Like this story? Please share it!


The World’s Largest Youth-Run Organization Had a Data Breach

On January 11th, Bob Diachenko of SecurityDiscovery.com, identified another unprotected Elasticsearch instance which contained millions of records – this time related to AIESEC, “the world’s largest youth-run organization. According to Wikipedia the AIESEC network has…

Like this story? Please share it!


The Howard Hughes Corporation Leaks Database Passwords

Researchers from SecurityDiscovery.com have found a security flaw in an Apache Airflow instance which allows anybody with an internet connection to view database credentials. It appears that the instance belongs to the Howard Hughes Corporation….

Like this story? Please share it!