Breach, Compliance Management, Data Security, Incident Response, Network Security, Privacy, TDR, Threat Management, Vulnerability Management

‘Cruel’ lesson: GhostShell hacking group leaks 36M records as punishment for using databases on public servers

Calling its actions a “cruel reminder of what happens when you don't use proper security hygiene,” the notorious hacking group GhostShell doxxed approximately 36 million online accounts from various databases found on public servers that don't require credentials to access.

The infiltrated servers all run on the database software MongoDB. Posting the leaked data on Pastebin, GhostShell explained that these servers were left vulnerable via open ports that their owners did not bother securing.

It remains unclear what specific services these databases are associated with; however, additional investigation from ZDNet revealed that the doxxed cache contains names, usernames, birthdates, email addresses, phone numbers, passwords (some hashed), payment information, social account data, profile pictures, copious amounts of metadata, email content and more.

ZDNet found 626,000 unique email addresses in the cache, including over 1,300 .gov addresses from top agencies such as the FBI and DHS. Other emails belong to senior IT staffers at major tech companies including Apple, IBM and Microsoft.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.