11M Records of E-Marketing Data Exposed Online From Unsecured MongoDB Instance

It has only been a week since we heard of the massive Veeam data leakage from misconfigured MongoDB server incident. The incident exposed 200GB of data consisting of approx. 445 million records. While debates over the incident still continue, here we report another similar incident. This time, an unprotected MongoDB instance left millions of e-marketing data exposed online.

E-Marketing Data Exposed 11 Million Records Online

As reported by security researcher Bob Diachenko, an unsecured MongoDB instance left huge e-marketing data exposed online. The database allegedly risked 11 million records that included personal details of the customers.

While continuing his work over open MongoDBs on Shodan, he found a “huge customerbase” exposed online. As stated in his article on LinkedIn,

“The data was available from an unprotected MongoDB instance set up on Grupo-SMS hosting infrastructure, and could be accessed by anyone from Sept 13th on (when Shodan last indexed it).”

Reportedly, he found a dataset of 43.5GB that precisely included 10,999,535 email addresses. Interestingly, all of them were Yahoo-based. In addition to the email addresses, the database also included other personal details such as names, gender, and home addresses.

Leaked Database Taken Offline

As stated by Diachenko, it took him a while to identify the source of the database, since he couldn’t find any clues anywhere. However, a single hint directed him towards SaverSpy – a marketing firm powered by Coupons.com. He then contacted the firm to inform them of the breach. Although he didn’t get a response at the time, he later observed that the database was taken offline.

Nonetheless, he made another interesting observation about this database.

“That MongoDB in question has already been tagged as ‘Compromised’ in Shodan and contained ‘Warning’ database with ‘Readme’ collection and ransom note demanding 0.4 BTC for recovering the data. However, at the time of discovery, all data were intact.”

Bob Diachenko has reported several instances in the past where he found data exposed online from open MongoDBs. Two weeks before the Veeam data breach, he also found 200,000 documents leaked online from an open server. Though the present incident doesn’t highlight anything unique, it indeed reinforces the need for various organizations to review their database security measures.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients