MongoDB Leak Exposes 66 Million Users

Data belonging to more than 66 million users has been found on a website that was completely accessible to everyone. The records appear to have been scraped from LinkedIn profiles.

The data may also include personal information that could be used to identify users, and hackers could build a phishing attack based on this data.

According to Bob Diachenko, the director of Cyber Risk Research at Hacken, the MongoDB database was exposed without any authentication required, leaving exactly 66,147,856 records accessible. The information contained the following details about each user:

  • E-mail address.
  • Location details.
  • Skills.
  • Phone number.
  • Previous employers.
  • Link to profile.

The records also exposed both personal and professional e-mail addresses, and the location was specified down to country, state, and city.




The Leak Found Via Web Scraping

The researcher who found the leak first discovered a repository holding approximately 50 million records. The leak was not done on purpose; it happened as a result of researchers performing so-called “web scraping”, the activity of extracting data from a website. This follows a MongoDB database discovery that impacted over 120 million up-to-date records. MongoDB servers have also been hit by ransomware, with a rapid increase in the rate of successful attacks:

Related:
Misconfigured MongoDB databases are the latest targets hence victims of ransomware. Successful attacks against MongoDB have doubled within a single day, researchers say. Servers running MongoDB were first targeted in December 2016, but the scale of the malicious attempts was...
MongoDB Ransomware Attacks Misconfigured Servers

Only recently, in September, MongoDB servers were hit by a virus attack that impacted web apps and websites and caused them to malfunction on a massive, global scale, likely compromising 93 terabytes of data from 12,000 MongoDB servers and demanding 1 Bitcoin for the recovery of the data.

Related:
Computer security experts detected a worldwide MongoDB servers virus attack that has caused web applications and sites to malfunction on a global scale.
MongoDB Virus Attack Impacts Databases Worldwide




Moreover, researchers in Florida have discovered around 22 million records that also contain employee candidates’ personal addresses, e-mails, names and the job search areas they are interested in.

And when it comes to personal information, security researcher Diachenko stated in his report that while this information is available to the public, it is not a good idea to use the hidden data of the user, since it is illegal.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
