MongoDB Security Error Leaks 808m Records

Security researchers have discovered a massive trove of over 808 million records, including email addresses, phone numbers and other personal information (PII), left exposed on a MongoDB instance.

Bob Diachenko claimed to have found the non-password-protected, 150GB MongoDB instance at the end of February. A “mailEmailDatabase” contained three folders, with over 798 million email records in one, around 4.2 million email-plus-phone records in another, and 6.2 million “business leads” records in a third, including gender, date of birth, mortgage details, corporate information, social media accounts and more.

“As part of the verification process I cross-checked a random selection of records with Troy Hunt’s HaveIBeenPwned database. Based on the results, I came to conclusion that this is not just another ‘collection’ of previously leaked sources but a completely unique set of data,” explained Diachenko in a blog post. “Although, not all records contained the detailed profile information about the email owner, a large amount of records were very detailed. We are still talking about millions of records.”

The researcher at first believed the plain text trove belonged to a professional spammer, but soon found out that the database owner was actually an “email validation” firm, which tries email lists on behalf of its clients to see if they are still working accounts.
