
MongoDB Leak Exposes 66 Million Users

Data belonging to more than 66 million users has been found on a website that was fully accessible to anyone. The records appear to have been scraped from LinkedIn profiles.

The data may also include personal information that could be used to identify users, and hackers could build a phishing attack on it.

According to Bob Diachenko, the director of Cyber Risk Research at Hacken, the MongoDB database was exposed without any authentication required, leaving exactly 66,147,856 records accessible. The information contained the following details about each user:

  • E-mail address.
  • Location details.
  • Skills.
  • Phone number.
  • Previous employers.
  • Link to profile.

The records also exposed both personal and professional e-mail addresses, and the location was specified down to country, state, and city.




The Leak Found Via Web Scraping

The researcher who found the leak first discovered a repository holding approximately 50 million records. The exposure was not a leak made on purpose; it happened as a result of researchers performing so-called “web scraping”, the activity of extracting data from a website. This follows an earlier MongoDB database discovery that impacted over 120 million up-to-date records. MongoDB servers have also suffered ransomware attacks, with a rapid increase in the rate of successful infections:

Related:
Misconfigured MongoDB databases are the latest targets, and hence victims, of ransomware. Successful attacks against MongoDB have doubled within a single day, researchers say. Servers running MongoDB were first targeted in December 2016, but the scale of the malicious attempts was...
MongoDB Ransomware Attacks Misconfigured Servers

Only recently, in September, MongoDB suffered a virus attack that impacted web apps and websites and caused them to malfunction on a massive, global scale. The attack likely compromised 93 terabytes of data from 12,000 MongoDB servers, with a demand of 1 Bitcoin for recovery of the data.

Related:
Computer security experts detected a worldwide MongoDB server virus attack that has caused web applications and sites to malfunction on a global scale.
MongoDB Virus Attack Impacts Databases Worldwide




Moreover, researchers in Florida have discovered around 22 million records that also contain employee candidates’ personal addresses, e-mails, names and the job search areas they are interested in.

As for personal information, security researcher Diachenko stated in his report that, while this information is available to the public, it is not a good idea to use the hidden data of the user, since it is illegal.


Ventsislav Krastev

Ventsislav has been a cybersecurity expert at SensorsTechForum since 2015. He has been researching and covering the latest malware infections, helping their victims, and testing and reviewing software and the newest tech developments. Having also graduated in Marketing, Ventsislav has a passion for learning about new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecurity industry and is a strong believer in educating every user about online safety and security.
