Researchers find publicly accessible MongoDB databases with 11 million records

Security researcher Bob Diachenko discovered a publicly accessible MongoDB database containing 43.5 GB of data and 10,999,535 Yahoo email addresses. Each record in the database includes an email address, full name and gender, along with other sensitive personal data such as city, postal code and physical address.

More importantly, in addition to the email address, the database also recorded the status returned by the mail server when it was contacted, detailing whether the message was sent or whether the server rejected the email. As Diachenko discovered, the database had been online and exposed since an Internet device search engine indexed it on September 13, and it carried a “damaged” label and a 0.4 BTC ransom note.

Curiously, despite the attack having succeeded and bad actors demanding a ransom from the database owner, the data was not encrypted when the researchers accessed it. The exposed database gave no hint as to who owned the leaked data, but Diachenko found clues that the records could have been used as part of an e-marketing campaign operated by SaverSpy, a site known to handle offers from Coupons.com.

 

Diachenko contacted two organisations that were found to be associated with the exposed e-marketing database. Although neither responded, the database was quickly taken offline after his contact attempt. Diachenko did not find any payment card data or phone numbers, but the email address and email status fields in each of the 11 million leaked records are invaluable to scammers, phishers and spammers.