MongoDB Leak Exposes 66 Million Users

Data belonging to more than 66 million users has been found on a website that was completely accessible to everyone. The records appear to have been scraped from LinkedIn profiles.

The data may also include personal information that could be used to identify users, and hackers could craft a phishing attack based on it.

According to Bob Diachenko, the director of Cyber Risk Research at Hacken, the MongoDB database was exposed without any authentication requirement, leaving exactly 66,147,856 records accessible. The information contained the following details about each user:

  • E-mail address.
  • Location details.
  • Skills.
  • Phone number.
  • Previous employers.
  • Link to profile.

The records exposed both personal and professional e-mail addresses, and the location was specified down to country, state, and city.

The Leak Found Via Web Scraping

The researcher who found the leak first discovered a repository containing approximately 50 million records. The leak was not done on purpose; it happened as a result of researchers performing so-called “web scraping”, the activity of extracting data from a website. This follows another MongoDB database discovery that impacted over 120 million up-to-date records. MongoDB has also been hit by ransomware attacks, with a rapid increase in the rate of successful infections:

Related: MongoDB Ransomware Attacks Misconfigured Servers

Only recently, in September, MongoDB suffered a virus attack that impacted web apps and websites and caused them to malfunction on a massive, global scale, likely compromising 93 terabytes of data from 12,000 MongoDB servers, with a demand of 1 Bitcoin for recovery of the data.

Related: MongoDB Virus Attack Impacts Databases Worldwide

Moreover, researchers in Florida have discovered around 22 million records that also contain job candidates’ personal addresses, e-mails, names and the job search areas they are interested in.

And when it comes to personal information, security researcher Diachenko stated in his report that while this information is available to the public, it is not a good idea to use the hidden data of the user, since it is illegal.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
