Yet another unsecured MongoDB database discovered - this time exposing records of 275 million Indian citizens
The database was hosted on Amazon AWS and exposed via the Shodan search engine
A cybersecurity expert has discovered an unsecured and publicly accessible MongoDB database exposing personally identifiable information (PII) of millions of Indian citizens on the internet.
The database was first discovered on 1st May by Security Discovery researcher Bob Diachenko, according to BleepingComputer.
The database contained 275,265,298 records with detailed information on individuals, including their names, date of birth, gender, mobile number, email, educational qualifications, area of specialisation, employment history, salary and functional area in the job.
AI & Machine Learning Live is returning to London on 3rd July 2019. Hear from the Met Office's Charles Ewen, AutoTrader lead data scientist Dr David Hoyle and the BBC's Noriko Matsuoka, among many others. Attendance is free to qualifying IT leaders and senior IT pros, but places are limited, so reserve yours now.
Diachenko revealed that the database was left unsecured on Internet for over two weeks. His investigation showed that the database was hosted on Amazon AWS using Shodan, and historical data provided by Amazon AWS indicated that the cache of PII data was first indexed on 23 April 2019.
Diachenko could not find any link in the database to speculate about the owner of database. The reverse DNS for the database did not show any results.
Diachenko immediately informed Indian Computer Emergency Response Team about the publically accessible database, but it was searchable until 8th May, according to Diachenko.
"Database with 250M+ very detailed Indian resumes that I reported a week ago was dropped by malicious actors. As per my investigation, database was not part of any company but rather scraped data collected by unknown org/person," Diachenko said in a tweet.
He revealed that the database was actually dropped by hacking group 'Unistellar' who wiped out the content of the database on 8th May.
However, this is not the first time Diachenko has discovered an unsecured database on internet.
In March, he unearthed a medical data leak, in which a health agency associated with the Indian government exposed 12.5 million records of pregnant women on a misconfigured MongoDB database. The unprotected database remained online for about a month before it was removed from internet by the medical agency.
In a similar incident, Diachenko unearthed a MongoDB database of more than 140GB, containing 808,539,939 email records left out on internet.
In December last year also, he found personal data of approximately 66 million people left unprotected on the Internet.
Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.
Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.
Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.