Around 36 Million Records From 110 MongoDB Servers Leaked By GhostShell

  • 227
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    227
    Shares

24 year old Romanian hacker GhostShell has leaked more than 36 million user’s accounts among which 3.6 million records include passwords of several accounts. The hacker announced the data leak on Twitter and posted a link to a PasteBin URL where users can find a statement about this hack. The reason was to raise awareness about the poor security infrastructure implemented on MongoDB databases by their owners.

The download package is a 598 MB ZIP file, which decompresses to 5.6 GB of data, containing 110 folders named based on the hacked server’s IP.  There are 110 IP addresses that were breached and to every IP there is a dedicated folder with the DB data, proof and general information. The data varies from server to server but reveals a lot of sensitive info such as username, password, full name, phone, address, 627,296 email addresses and more.

ghostshell-leaks-around-36-million-records-from-110-mongodb-servers-504856-3

I only used simple scanners like Shodan to discover these databases and alsot all the databases I accessed had no username or password for the root account and had a large number of open ports, according to GhostShell.

Some of the data that were leaked :

ghostshell-leaks-around-36-million-records-from-110-mongodb-servers-504856-4 ghostshell-leaks-around-36-million-records-from-110-mongodb-servers-504856-6

Click here to read GhostShell’s full mission statement.

 

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Leave a Reply