Breach, Data Security

5M records exposed by misconfigured MongoDB

A MongoDB containing more than five million records was found open to the public containing a wide range of PII.

The records were found by the security firm Comparitech and researcher Bob Diachenko on May 13 containing first and last name, full address, IP address, email address, date of birth, gender and marketing-related information. Additionally, 239,000 of the records also contained the type or area of insurance the person was interested in life, auto, medical, and supplemental insurance.

The database itself was indexed for the first time by the BinaryEdge public search engine, Comparitech wrote.

The company and Diachenko informed the company of the issue, access was quickly disabled and proper security precautions put in place.

At this time it is not believed any information was removed from the database. However, that does not mean the people in the database will not be negatively impacted in the future.

“The people whose information was exposed, particularly those whose records included insurance interest area, could be at risk of spam, targeted phishing, and fraud,” the report said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.