The Swiss-based data company Veeam exposed more than 445 million records when it used a misconfigured MongoDB hosted on Amazon Web Services that did not require any password to access.

The 200GB open database was discovered by independent security researcher Bob Diachenko on Sept. 5. Diachenko said he immediately tried to inform Veeam about the issue, but received no response and the database remained totally open until Sept. 9 when it was locked down.

The information on the server spanned a four year period and was used by the company’s marketing team and included “the customer's first and last name, email, email recipient type (end-customer or partner), country, attributes values (which in some cases have IP address, referrer URL address, user agent etc.), and customer organization size (Enterprise (>5000), Commercial (500-5000), SMB (<500), ENT - Enterprise),” Diachenko wrote.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.