'Cruel' lesson: GhostShell hacking group leaks 36M records as punishment for using databases on public servers

The hacker or hackers behind GhostShell posted 36 million online records on Pastebin to show the dangers of using public servers that don't require credentials and that feature unsecured open ports.
The hacker or hackers behind GhostShell posted 36 million online records on Pastebin to show the dangers of using public servers that don't require credentials and that feature unsecured open ports.

Calling its actions a “cruel reminder of what happens when you don't use proper security hygiene,” the notorious hacking group GhostShell doxxed approximately 36 million online accounts from various databases found on public servers that don't require credentials to access.

The infiltrated servers all run on the database software MongoDB. Posting the leaked data on Pastebin, GhostShell explained that these servers were left vulnerable via open ports that their owners did not bother securing.

It remains unclear what specific services these databases are associated with; however, additional investigation from ZDNet revealed that the doxxed cache contains names, usernames, birthdates, email addresses, phone numbers, passwords (some hashed), payment information, social account data, profile pictures, copious amounts of metadata, email content and more.

ZDNet found 626,000 unique email addresses in the cache, including over 1,300 .gov addresses from top agencies such as the FBI and DHS. Other emails belong to senior IT staffers at major tech companies including Apple, IBM and Microsoft.


You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS