New waves of cyber attacks and data breaches continue to occur, exploiting unprotected database or leaky servers that are publicly available without any authentication. Such open databases are accessible to anyone thus exposing files in the database. Misconfigured servers and unsecured databases are posing a great threat as it can be exploited by attackers causing data theft.

In this blog, we will be highlighting the top 8 data breaches occurred due to unprotected database /servers in order to create awareness and to learn from such breaches.

1. Unsecured MongoDB exposed 445 million records online

A misconfigured MongoDB hosted on Amazon Web Services (AWS) exposed 445 million records. The open database belonged to a Swiss-based data company Veeam. The unsecured MongoDB which was publicly available was uncovered by a security researcher Bob Diachenko on September 5, 2018. Diachenko immediately reported the database to Veeam. Later, the database was secured on September 9, 2018.

2. Unprotected Firebase databases of thousands of mobile apps exposed 100 million records

Unsecured Firebase databases of almost 3000 iOS and Android mobile applications exposed over 100 million records. Out of which 2446 were Android apps and 600 were iOs apps, and these apps belonged to various sectors including telecom, healthcare, education, financial institutions, hotels, cryptocurrency, and more. The exposed records included information such as usernames, passwords, location, banking details, and cryptocurrency transactions.

3. Unprotected ElaticSearch server exposed 82 million US users’ private data

An open ElasticSearch server which was not protected with authentication exposed private data of almost 82 million US users. The private data included names, email, addresses, states, zip codes, phone numbers, IP addresses, company details, job details, employee count, revenue numbers, NAICS codes, SIC codes, of over 82,851,841 US citizens. Security experts speculated that the exposed Elasticsearch instances could belong to Data & Leads Inc.

4. Misconfigured MongoDB exposed 66 million scrapped user profiles

An unsecured MongoDB database that contained over 66 million scrapped user profiles, was discovered in December 2018, adding to a total of over 120 million leaked profiles data discovered since October 2018. The exposed data included individual’s names, email addresses, location details, skills, employment history - likely to have been sourced from their LinkedIn profiles.

5. Open ElasticSearch server leaked private data of almost 57 million US citizens

An ElasticSearch server which was left publicly accessible for over 2 weeks without any password protection exposed private data of over 57 million US residents. The exposed data included personal information such as names, email addresses, phone numbers, states, ZIP codes, and IP addresses. However, the leaky server was later secured and was not accessible by the public.

6. Misconfigured Amazon S3 cloud bucket leaked 48 million records

Washington-based data firm LocalBlox has leaked personal profiles curated from different social media networks without users' knowledge or express consent. The UpGuard Cyber Risk team uncovered the misconfigured Amazon S3 cloud bucket which was publicly available without password protection on February 18, 2018.

The unprotected storage bucket contained 1.2 TB data of user profiles created by LocalBlox, combining data from different social media sources such as Facebook, LinkedIn, Twitter and Zillow. Researchers from UpGuard stated there were more than 48 million records of both businesses and individuals listed in the misconfigured database.

7. Leaky database exposed 32 million Sky Brazil users’ data online

SKY Brazil inadvertently exposed the data of 32 million customers publicly online. The exposed server was discovered by Brazilian security researcher Fabio Castro, who believed that the data was left exposed online long enough for attackers to have likely stolen data. The exposed data included customers’ full names, email addresses, phone numbers, street addresses, service login passwords, client IP addresses, and payment methods.

8. Unsecured storage server belonging to the Oklahoma Securities Commission exposed 3TB data

An unprotected storage server belonging to the Oklahoma Department of Securities exposed millions of files, containing personal data, systems credentials, and sensitive FBI investigations. The server was left publicly available with no password, accessible to anyone with an internet connection.

The UpGuard Data Breach Research team discovered the open server via Shodan search engine on December 7, 2018. UpGuard reported the unsecured server to Oklahoma on December 8, 2018. The research team noted that the server was publicly available since November 30, 2018.

The exposed files included years of FBI data including FBI interviews, emails among people involved with investigations, bank transaction history, and letters from witnesses.

Cyware Publisher