Amount of MongoDB data publicly exposed on the internet grows to 685TB
CouchDB, Cassandra, Redis and Riak are equally impacted, says Shodan founder John Matherly
A total of 684.8TB of data is exposed on the internet via publicly accessible MongoDB instances that don't require any form of authentication - which is an increase of 80TB since a developer at online devices search engine Shodan, John Matherly, investigated the matter in July.
Matherly initially found nearly 30,000 unauthenticated MongoDB instances in July - but he decided to revisit the issue after researcher Chris Vickery found data exposed in databases that were associated with 25 million user accounts from various apps and services, including 13 million accounts being exposed by MacKeeper.
In his new investigation, Matherly found that the number of publicly available, unauthenticated instances of MongoDB running on the internet had increased by 5,000. He said that these were hosted mostly on Amazon, Digital Ocean and Alibaba's cloud computing service Aliyun.
The increase in unauthenticated instances comes as a surprise because newer versions of the NoSQL database no longer have a default insecure configuration. According to Matherly, it means that a lot of people are changing the default configuration of MongoDB to something less secure and aren't enabling any firewall to protect their database.
"[In July] it looked like the misconfiguration problem might solve itself due to the new defaults that MongoDB started shipping with; that doesn't appear to be the case based on the new information. It could be that users are upgrading their instances but using their existing, insecure configuration files," said Matherly.
If the data stored on these databases includes personal or sensitive information such as names, birth dates, addresses and passwords then the issue may be extremely serious - but Matherly emphasised that it was not just an issue for MongoDB.