MongoDB Database with 11 Million Records Publicly Accessible

On September 17, security researcher Bob Diachenko found a publicly accessible MongoDB database containing 43.5 GB of data and 10.999.535 Yahoo e-mail addresses.

Among other details, each record contained in the database included an e-mail address, the full name and gender, and other sensitive personal data such as the city and zip code, together with a physical address.

More importantly, besides the e-mail address, the database also had information about the status sent by the mail server when contacted, detailing if the message was delivered or the server rejected the email.

As discovered by Diachenko the database was online and exposed since September 13 when the Internet-connected device search engine indexed it, with a "compromised" tag and a 0.4 BTC ransom note.


No comments:

Post a Comment