Iranian Ride-Hailing App Exposed Drivers’ Information Via Unsecured Database

  •  
  •  
  •  
  •  
  •  
  •  
  •  

Another MongoDB instance exposed million of records carrying sensitive information. As discovered, the unsecured database linked back to an Iranian ride-hailing app. The leaked records included personal information of Iranian drivers.

Data Leaked By Iranian Ride-Hailing App

Researcher Bob Diachenko has once again come across a leaky database that exposed the personal information of millions of individuals. As reported, the unsecured database from an Iranian ride-hailing app left the data of Iranian drivers publicly accessible online. Diachenko stated about his findings in detail in his blog post.

Allegedly, he found the publicly accessible MongoDB instance via BinaryEdge search engine during a regular audit for nonSql databases. He noticed the leaked details included sensitive information about the drivers such as drivers’ names, contact numbers, invoice date, and SSN (Iranian ID number).

The unsecured database entitled “doroshke-invoice-production” contained two collections. One of these, named ‘invoice95’ had 740,952 records from the year 2017. Whereas, the other collection, named ‘invoice96’ contained 6,031,317 records from 2018. In all, this makes the total data put at risk up to 6,772,269 records. After removing the duplicate entries, Diachenko estimated the actual unique data to be around 1 to 2 million.

Database Now Secured

Initially, Diachenko couldn’t establish the owner of the database, since the leaked details had no hint about the company affiliation. Nonetheless, he did report the matter to the Iranian CERT for necessary action.

Bob Diachenko found the unsecured database on April 18, 2019. Later that day, he confirmed in his tweet that the then unidentified vendors secured the database.

In another tweet the following day, Diachenko revealed that the data belonged to Tap30 – one of the leading Iranian ride-hailing services.

Let us know your thoughts about the article in the comments section below.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!