Millions of corporate messages leaked by Miracle Software’s unsecured MongoDB instance

Cybernews reports that U.S. systems integration firm Miracle Software Systems has leaked more than 11 million messages involving over 3,000 corporate users within its Rocket.Chat platform as a result of an unsecured instance of the MongoDB storage database. Miracle Software may have had its whole infrastructure and client assets impacted by the exposed database, which included corporate secrets, plain-text passwords, and access information of its employees, according to Cybernews researchers, who noted that the database may have been publicly accessible for three or more days from November to December before being removed. Researchers also emphasized the security risks brought upon by the leaked database, which has information that could be leveraged in ransomware attacks. "Since there are a multitude of parties involved and a vast amount of credentials shared, a successful hit on this database could result in a domino effect for all of their partners. One good example of such a scenario is the MOVEit attacks of 2023," said researchers.