London-based Snaptrip Exposed Customers’ Data Through Unsecured Database


UK-based marketing firm Snaptrip has recently joined the list of companies with accidental data exposures. Through its unprotected database, Snaptrip exposed customers’ data, including explicit personal and payment information.

Snaptrip Exposed Customers’ Data

Security researcher Bob Diachenko encountered another unsecured MongoDB. The database belonged to a London-based company, ‘Snaptrip’, that serves as a ‘last-minute’ cottage deals service. Snaptrip exposed customers’ sensitive details through this unprotected database.

As disclosed in his blog post, he found the publicly open MongoDB on May 21, 2019. Upon digging into the matter, he found exposed admin credentials and hashed passwords. The database, named ‘Snap-Trip-Api’, exposed 1006 records, including sensitive personal and payment data of the customers. Specifically, the personal details included customers’ full names, contact numbers, addresses, and email addresses. The payment data included credit card details such as brand/name/type/PAN token/CVV token.

Database Closed Shortly After Shodan Indexing

The researcher noticed that Shodan indexed the open database’s IP on May 17, 2019. He discovered the database on May 21, 2019, four days after the indexing. Following this discovery, he quickly informed the company about the matter. Commendably, the database went offline within hours of the report.

While the company has taken the database offline, it remains unconfirmed whether it informed the customers about the incident. The firm didn’t reply to the researcher’s queries on this.

Just recently, we learned how a hacking group, ‘Unistellar’, wiped 12,000 open MongoDB databases. The hackers simply leveraged the opportunity to extort ransom from these firms. Even if they fail to do so, they still have a treasure trove of data that they can use for various malicious activities. For instance, one of the databases they hacked recently contained 275 million records belonging to Indian citizens. Imagine what an enormous bulk of data they would have acquired if every hacked database held that much data.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
