Fri. Jul 10th, 2020

Hackers find MongoDB unsecured databases to demand ransom


In recent years, more and more MongoDB database servers have been found running without any security measures and directly exposed to the Internet. For example, we previously reported that a small loan company's unencrypted database leaked 899 GB of user data. In reality, many databases are not configured with any security measures, and they are detected and easily accessed by various scanners. This gives hackers the opportunity to search directly for such servers in order to steal the data, or to delete it and then blackmail the database owner.

Recently, hackers replaced almost 1.2 million sensitive records stored in one such database with a ransom note. The owner of the deleted data is the well-known Mexican publisher Librería Porrúa. The data includes user invoices, account numbers, hashed payment information, activation codes and tokens, email addresses, phone numbers, and birthdays.

The researchers initially discovered the database on July 15th, and on July 18th the database content was completely deleted and a ransom message was left in its place. In the message, the hacker states that the entire database has been deleted and that the owner needs to pay $500 to get the data back. The ransom is only $500, payable in bitcoin, but the real problem is that the database was discovered without any security measures protecting it. This means that an attacker could modify, back up, or empty all the data as if they had administrator privileges, simply by connecting to the server address.
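For administrators who want to check their own servers for the condition described above, the following added example (not from the original article or from MongoDB) audits a `mongod.conf` for the two settings that produce it: `net.bindIp`/`net.bindIpAll` and `security.authorization`. It assumes MongoDB 3.6 or later, where an unset `bindIp` means localhost only, and both sample configurations are constructed.

```python
import ipaddress

def parse_conf(text):
    """Flatten a two-level YAML mongod.conf into {'section.key': 'value'}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip() or ":" not in line:
            continue
        key, _, value = line.strip().partition(":")   # split on first colon only
        value = value.strip().strip("\"'")
        if not raw[0].isspace():                      # top-level section
            section = key
        elif section:
            conf[f"{section}.{key}"] = value
    return conf

def exposed_addresses(conf):
    """Return every configured listen address that is not loopback."""
    if conf.get("net.bindIpAll", "false").lower() == "true":
        return ["0.0.0.0", "::"]
    # Assumption: MongoDB 3.6+, where no bindIp means localhost only.
    exposed = []
    for addr in conf.get("net.bindIp", "127.0.0.1").split(","):
        addr = addr.strip()
        if addr == "localhost" or addr.startswith("/"):   # name or UNIX socket
            continue
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                exposed.append(addr)
        except ValueError:
            exposed.append(addr)        # other hostname: needs manual review
    return exposed

def audit(text):
    conf = parse_conf(text)
    auth = conf.get("security.authorization", "disabled").lower() == "enabled"
    exposed = exposed_addresses(conf)
    findings = []
    if not auth:
        findings.append("authorization is not enabled")
    if exposed:
        findings.append("listens on non-loopback address(es): " + ", ".join(exposed))
    if not auth and exposed:
        findings.append("CRITICAL: unauthenticated and network-reachable")
    return findings

# Constructed sample configurations
WEAK = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED = ("net:\n  port: 27017\n  bindIp: 127.0.0.1,10.0.0.5  # private NIC\n"
            "security:\n  authorization: enabled\n")

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text))
```

The parser only handles the simple two-level layout shown here, so run it against a copy of the real file and review any hostname it reports by hand.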

Via: bleepingcomputer