Another unprotected database has caught researchers’ attention. The database, which allegedly belonged to MedicareSupplement.com, exposed millions of user records containing personal information.
MedicareSupplement.com Exposed User Data
Researchers from Comparitech, together with security researcher Bob Diachenko, have discovered another leaky database. They found that the database, which links back to MedicareSupplement.com, exposed more than 5 million records containing detailed personal information of users. MedicareSupplement.com is an insurance marketing platform that provides guidance to consumers on insurance plans. The researchers have explained their findings in a blog post.
Researchers found an open MongoDB instance that apparently contained the website’s marketing leads data. Scratching the surface revealed that the database contained over 5 million detailed personal records of individuals. The exposed details included first names, last names, dates of birth, gender, email addresses, complete addresses, IP addresses, and other marketing data such as clicks, lead duration, landing page, etc.
In addition, the researchers could also see some information related to insurance. As stated in the blog,
Some records—about 239,000—also indicated insurance interest area, for example, cancer insurance. Data was spread around several categories, including life, auto, medical, and supplemental insurance.
Database Now Offline
The researchers allegedly noticed the unsecured database on May 13, 2019, whereas BinaryEdge had indexed the related IP address on May 10, 2019. After discovering the open database and determining its ownership, the researchers contacted MedicareSupplement.com to report the matter. However, they didn’t hear back from the firm. Nonetheless, the database went offline.
Commenting on the dangers of such publicly accessible databases, Bob Diachenko said,
The public configuration allows the possibility of cybercriminals to manage the whole system with full administrative privileges. Once the malware is in place, criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains.