mongodb

Blog, Data Breach, database, mongodb February 13, 2020

US non-profit for international study exposes private documents of thousands of students: report

The Institute of International Education (IIE), a US nonprofit that focuses on foreign exchange study and scholarship, exposed a database on the web containing thousands of logs and links to private student documents. The database…

Like this story? Please share it!

Data Breach, heartbeat, IoT, mongodb October 15, 2019

Whirlpool Exposed Database with Home Appliances Scan Results

On October 1st, I have found a rather unusual web interface of Heartbeat monitoring service. The open and publicly available instance contained a graph and description which immediately got my attention: Here you can analyze…

Like this story? Please share it!

Data Breach, mongodb September 24, 2019

Mexican Online Bookstore Exposed Data – Again

On September 9th, I have discovered three (3) open and unprotected MongoDB instances which appeared to be part of Librería Porrúa, a long-established bookseller based in Mexico. This case would have been left unnoticed if I…

Like this story? Please share it!

database, mongodb September 17, 2019

Banking Trojan Database Exposed – Millions of Users At Risk

On July 5th I discovered two (!) open and publicly accessible MongoDB instances which appeared to be part of the GootKit network – one of the most advanced banking Trojans discovered in the wild in the…

Like this story? Please share it!

Blog, Data Breach, ipv6, mongodb August 14, 2019

Home and Family Job Search Engine Exposed Its Database

FamilaFacil, a Madrid-based home and family job search platform, has exposed its MongoDB database with details on their users and candidates. This was the first time I discovered an unprotected instance sitting in IPv6 environment…

Like this story? Please share it!

Blog, Data Breach, Data Security Education, mongodb August 8, 2019

Sex Sells! Spanish Chain of “Men’s Clubs” Exposed Its Database

On August 4th I discovered an open and unprotected MongoDB database which appeared to be part of a Spanish company managing a chain of “men’s clubs” across the country. IP with the database in question…

Like this story? Please share it!

Blog, Data Security Education, mongodb, Opinion Article July 29, 2019

Even randomized dummy data should be protected

A database belonging to online voting system provider Everyone Counts has been exposed, leaving what appears to be “randomized and anonymized” data used to simulate millions of voters and election workers open to the public….

Like this story? Please share it!

Blog, Data Breach, mongodb May 29, 2019

London-based Marketplace Accidentally Exposed Personal Details of its Customers

In another MongoDB-related misconfiguration incident, a UK-based company exposed personal and payment data of several hundreds of its customers. On May 21st, I have identified an open and unprotected MongoDB instance, with no password/login needed…

Like this story? Please share it!

Data Breach, mongodb May 9, 2019

Massive SMS Bombing Operation Uncovered In Passwordless Database

SMS marketing has been an increasing problem with the rise of scripts and applications and that send literally countless messages as fast as they can be sent. On April 11th, I discovered an open and…

Like this story? Please share it!

Data Breach, database, mongodb May 8, 2019

Database With Millions of Indian Personal Records Exposed and Hijacked

On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields: Name Email Gender Education level and area…

Like this story? Please share it!

Data Breach, database, mongodb May 3, 2019

AMC inadvertently exposed its subscribers database for Sundance Now and Shudder services

On May 1st I have discovered an unprotected and publicly available MongoDB instance which appeared to contain data related to AMC Networks’ premium streaming offerings – Sundance NOW and Shudder. Although no sensitive information was…

Like this story? Please share it!

Blog, Data Breach, database, mongodb April 18, 2019

Iranian Ride-Hailing App Database Exposure

On April 18th, during our regular security audit of nonSql databases with BinaryEdge search engine, I have discovered an open and publicly available MongoDB instance which contained astonishingly sensitive information on Iranian drivers. Information was…

Like this story? Please share it!