Security Databases

MongoDB Database Containing Over 275 Million Personal Records Exposed and Hacked (bleepingcomputer.com)

"An unprotected and public-facing MongoDB database containing over 275 million records of personal information on Indian citizens has been discovered on search engine Shodan," writes Slashdot reader helpfulhecker.

BleepingComputer reports that the detailed personally identifiable information was exposed online for over two weeks: Security Discovery researcher Bob Diachenko discovered the publicly accessible MongoDB database hosted on Amazon AWS using Shodan, and as historical data provided by the platform showed, the huge cache of PII data was first indexed on April 23, 2019. As he found out after further investigation, the exposed data included information such as name, gender, date of birth, email, mobile phone number, education details, professional info (employer, employment history, skills, functional area), and current salary for each of the database records.

While the unprotected MongoDB database leaked the sensitive information of hundreds of millions of Indians, Diachenko did not find any information that would link it to a specific owner. Additionally, the names of the data collections stored within the database suggested that the entire cache of resumes was collected "as part of a massive scraping operation" for unknown purposes.

Two months ago Diachenko also helped uncover over 800 million exposed email addresses in another unprotected MongoDB database. And in January an investigation with TechCrunch also discovered millions of highly sensitive financial documents from tens of thousands of individuals who took out loans or mortgages.

The same month Diachenko also discovered an exposed 854 gigabyte MongoDB database filled with resumes from over 200 million job-seekers in China.

  • by Anonymous Coward

    And it's web-scale. Relational databases that refuse network connections by default are old 70s tech.

    • by ceoyoyo ( 59147 )

      Mongo used to accept any connections, with no password, by default, but I don't think it does that anymore. Now you have to specifically tell it to spew your data all over the net.

      This isn't Mongo's fault, it's the fault of people doing a job they are not qualified for.

  • But the diabolical hacker didn’t use a JOIN when pulling all that data.

  • ... if they could get to the data before Mongo DB lost it.

  • It is not "hacked" (Score:4, Interesting)

    by gweihir ( 88907 ) on Saturday May 11, 2019 @02:53PM (#58575138)

    ... if it is unprotected.

  • by astrofurter ( 5464356 ) on Saturday May 11, 2019 @11:29PM (#58576516)

    I don't know about anyone else, but I find stories like this kinda beautiful.

    Silicon Valley has embraced unamerican surveillance state totalitarianism with open arms. While doubling down on race-to-the-bottom employment policies: outsourcing, H1B scabs, caste politics, racism, ageism, sexism, raging nepotism, credentialism, etc. The inbred upper class twits who own the Valley have made it clear they hate us deplorable nerds, and are doing their very best to replace us.

    More and more beaches are inevitable. The problem can only get worse. Those who could prevent the beaches, won't be given the chance to do so. Privacy is gone - everything, everyone, everywhere is surveilled at all times. The algos know when you take a shit and how many pieces of TP you use. And allllllllll that snooping data is gonna leak.

    So let's just sit back and laugh while the world burns. We dreamed we were building freedom when in fact we were building dystopia. The system can't be saved and doesn't deserve to be saved. The best case scenario is for this whole superstructure of cybernetic totalitarianism to collapse under the weight of its own complexity, expense, and internal contradictions.

    Let it burn!

    • "More and more beaches are inevitable."

      Fuck I wish Slashdot would implement posting previews in mobile view. I hope it was obvious that more and more breaches, not beaches, are inevitable.

    • There is something crazy going on in the computer industry. Code is becoming unstable, and even important projects are being written by people who don't know what they are doing. Churn is ridiculous.

      I can't tell if it's something new or not. There have always been some really, really good programmers (like Donald Knuth), and some average programmers (like COBOL coders), and some really bad programmers (like this pointed out by GravisZero [slashdot.org]).

      Maybe nothing has changed at all, but it seems a lot harder now
