Security researchers Noam Rotem and Ran Locar uncovered an unprotected database belonging to an ad company ‘X Social Media’ that helps law firms sign up potential victims from specific conditions of harm and injuries who submit their information in the hope of receiving legal relief.
What information was exposed?
The security researchers who found the leaky database notified the ad company, who responded immediately by taking the database offline. However, the company denied that it stored medical data, citing the findings as “inaccurate”.
“After being notified by TechCrunch about a security problems in MongoDB the X Social Media developer team immediately shut down the vulnerability create [sic] by a MongoDB database and did a night long log file review and we only found the two IP addresses, associated with TechCrunch accessing our database. Our log files show that nobody else accesses the database while in transit. We will continue to investigating this incident and work closely with state and Federal agencies as more information becomes available,” Malherbe, founder of X Social Media said.
However, when asked for the logs to verify the founder’s claims, the ad company declined.