Another MongoDB instance exposed million of records carrying sensitive information. As discovered, the unsecured database linked back to an Iranian ride-hailing app. The leaked records included personal information of Iranian drivers.
Data Leaked By Iranian Ride-Hailing App
Researcher Bob Diachenko has once again come across a leaky database that exposed the personal information of millions of individuals. As reported, the unsecured database from an Iranian ride-hailing app left the data of Iranian drivers publicly accessible online. Diachenko stated about his findings in detail in his blog post.
Allegedly, he found the publicly accessible MongoDB instance via BinaryEdge search engine during a regular audit for nonSql databases. He noticed the leaked details included sensitive information about the drivers such as drivers’ names, contact numbers, invoice date, and SSN (Iranian ID number).
The unsecured database entitled “doroshke-invoice-production” contained two collections. One of these, named ‘invoice95’ had 740,952 records from the year 2017. Whereas, the other collection, named ‘invoice96’ contained 6,031,317 records from 2018. In all, this makes the total data put at risk up to 6,772,269 records. After removing the duplicate entries, Diachenko estimated the actual unique data to be around 1 to 2 million.
Database Now Secured
Initially, Diachenko couldn’t establish the owner of the database, since the leaked details had no hint about the company affiliation. Nonetheless, he did report the matter to the Iranian CERT for necessary action.
Bob Diachenko found the unsecured database on April 18, 2019. Later that day, he confirmed in his tweet that the then unidentified vendors secured the database.
database is now secured!
— Bob Diachenko (@MayhemDayOne) April 18, 2019
In another tweet the following day, Diachenko revealed that the data belonged to Tap30 – one of the leading Iranian ride-hailing services.
— Bob Diachenko (@MayhemDayOne) April 19, 2019
Let us know your thoughts about the article in the comments section below.
Latest posts by Abeerah Hashim (see all)
- Microsoft December Patch Tuesday Addressed Zero-Day Under Active Exploit - December 13, 2019
- Microsoft Phishing Attack Bypasses Security By Creating Local Login Form - December 9, 2019
- The Spotify Phishing Attack That Tricks Users Through Fake Failed Payment Notices - December 9, 2019