Security researcher Bob Diachenko, working with Comparitech, uncovered a MongoDB database that was left open to the public without any authentication.
Who is the owner of the database?
The MongoDB instance is a part of MedicareSupplement.com’s marketing leads database. MedicareSupplement.com is an insurance marketing website that helps users find supplemental medical insurance available in their area.
What was exposed?
“The IP address of the publicly available database was first indexed on May 10, 2019 by public search engine BinaryEdge. We do not yet know whether anyone gained unauthorized access to the database,” Comparitech said in a blog post.
What actions were taken?
Diachenko and Comparitech notified MedicareSupplement.com about the unsecured database. The insurance marketing company responded quickly by taking down the database and disabling public access.
“I have previously reported that the lack of authentication allows the installation of malware or ransomware on the MongoDB servers. The public configuration allows the possibility of cybercriminals to manage the whole system with full administrative privileges. Once the malware is in place, criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains,” Diachenko said.