Unprotected database belonging to MedicareSupplement.com exposed almost 5 million user records

• The leaky database included almost 5 million records containing personal information of users such as names, addresses, dates of birth, gender, email addresses, and IP addresses.
• Additionally, almost 239,000 records were related to insurance interest area such as cancer insurance.

A security researcher Bob Diachenko along with Comparitech uncovered a MongoDB database that was left open to the public without any authentication.

Who is the owner of the database?

The MongoDB instance is a part of MedicareSupplement.com’s marketing leads database. MedicareSupplement.com is an insurance marketing website that helps users find supplemental medical insurance available in their area.

What was exposed?

• The leaky database included almost 5 million records containing personal information of users such as names, addresses, dates of birth, gender, email addresses, and IP addresses.
• The database also contained marketing information such as lead duration, clicks, landing pages, etc.
• Additionally, almost 239,000 records were related to insurance interest area such as cancer insurance.

“The IP address of the publicly available database was first indexed on May 10, 2019 by public search engine BinaryEdge. We do not yet know whether anyone gained unauthorized access to the database,” Comparitech said in a blog.

What actions were taken?

Diachenko and Comparitech notified MedicareSupplement.com about the unsecured database. The insurance marketing company responded quickly by taking down the database and disabling public access.

“I have previously reported that the lack of authentication allows the installation of malware or ransomware on the MongoDB servers. The public configuration allows the possibility of cybercriminals to manage the whole system with full administrative privileges. Once the malware is in place, criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains,” Diachenko said.