Internet related News · 2019-05-10

Details of millions of Indians exposed after massive database breach – News

Bob Diachenko, Cyber Threat Intelligence Director and journalist at SecurityDiscovery.com, has reported a massive breach in a yet-to-be-identified organization’s database, which left “personal identifiable information” of millions of Indians exposed. This may be one of the biggest data breaches of 2019.

Bob wrote on his blog: “On May 1st, I have discovered an unprotected & publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens.”

MongoDB is a cross-platform, document-oriented NoSQL database program used by many big names.

In this instance, the MongoDB database itself was hosted on Amazon AWS infrastructure. Many say this could easily be one of the biggest data breaches of 2019.

In the security expert’s opinion, the structure and names of the collections in the database hinted that the data was likely collected by an anonymous person or organization as part of a “massive (data) scraping operation.”

What was collected:

  • Name
  • Email
  • Gender
  • Education level and area of specialization
  • Professional skills / functional area
  • Mobile phone number
  • Employment history and current employer
  • Date of birth
  • Current salary

Bob said in his blog post that he had notified the Indian CERT team about the breach, but the database remained open and “searchable” until May 8, when it was dropped by hackers known as the ‘Unistellar’ group. All the content was wiped out, and a message was left behind.

The expert said while the actual number of exposed persons could be less than the total number of records exposed, “it was still one of the biggest breaches reported in the region.”

An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back.

Experts say such attacks are no longer new. MongoDB databases have been targeted for a while now. Hackers scan the Internet or use services such as Shodan.io to search for unprotected MongoDB servers. Once connected, the attackers may export the databases, delete them, and then create a ransom note explaining how to get the databases back.
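From the defender's side, the "remotely accessible and unprotected" condition these attacks depend on can be checked in a server's own `mongod.conf`. The following is an added example, not code from Diachenko's post or from MongoDB: it flags a non-loopback bind combined with disabled authorization. The sample configs are constructed, the function names and finding codes are hypothetical, and `net.bindIp`, `net.bindIpAll` and `security.authorization` are MongoDB's configuration keys.

```python
import ipaddress

# Constructed sample configs (mongod.conf is YAML); not taken from the incident.
EXPOSED_CONF = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED_CONF = ("net:\n  port: 27017\n  bindIp: 127.0.0.1,10.0.0.5\n"
                 "security:\n  authorization: enabled\n")

def flatten_conf(text):
    """Flatten nested 'key: value' mappings into dotted keys (no lists or anchors)."""
    flat, stack = {}, []  # stack: (indent, key) of currently open parent mappings
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # close mappings we have left
            stack.pop()
        if value.strip():
            flat[".".join([k for _, k in stack] + [key.strip()])] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return flat

def is_loopback(addr):
    """True for localhost, loopback IPs and UNIX socket paths."""
    if addr == "localhost" or addr.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # other hostnames: assume reachable from the network

def audit_mongod_conf(text):
    """Return finding codes for a mongod.conf given as text."""
    conf = flatten_conf(text)
    # Assumption: an absent bindIp means localhost (the default since MongoDB 3.6).
    binds = [b.strip() for b in conf.get("net.bindIp", "localhost").split(",")]
    bind_all = conf.get("net.bindIpAll", "false").lower() == "true"
    wildcard = bind_all or any(b in ("0.0.0.0", "::") for b in binds)
    remote = wildcard or any(not is_loopback(b) for b in binds)
    auth = conf.get("security.authorization", "disabled").lower() == "enabled"
    checks = [("BIND_ALL_INTERFACES", wildcard), ("AUTH_DISABLED", not auth),
              ("REMOTE_WITHOUT_AUTH", remote and not auth)]  # last: what these attacks rely on
    return [code for code, hit in checks if hit]

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(text))
```

The check reads only the config file, so a cloud firewall or security group that opens or blocks port 27017 has to be reviewed separately.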
