Almost 9,5 Million PII Records Leaked by Data Aggregator Adapt

A publicly available and unprotected MongoDB database found by security researcher Bog Diachenko exposed 9,376,173 records of personally identifiable data collected by the Adapt.io data aggregator.

As detailed by Diachenko, the wide open 123 GB database was directly accessible by anyone with a MongoDB ID, an Internet connection, and the knowledge needed to find the exposed server.

The database records contained a wide range of information from individuals' full names, company name and description, the company's size and revenue to phone numbers, company domain, and the total number of contacts for the company and emails for each of the contacts.

"While the data itself might be non-sensitive, the availability of it online without any authentication is not something you would expect," said Diachenko. "The lawfulness of web scraping as a method of gathering data.

Comments