- The leaky database, which exposed records on the internet, contained two sets of invoice collections.
- The information leaked in the incident included drivers’ first and last names, Iranian ID numbers, phone numbers, and invoice dates.
An Iran-based ride-hailing firm has exposed over 6.7 million records due to an unprotected MongoDB database. The leaky database, named ‘doroshke-invoice-production’, was discovered using the BinaryEdge search engine.
What did the leaky database contain - The leaky database, which exposed records on the internet, contained two sets of invoice collections: the first set dating back to 2017 and the second set from 2018. While the first set, which went by the name ‘invoice95’, included 740,952 records, the second set, named ‘invoice96’, contained 6,031,317 records.
The information leaked in the incident included drivers’ first and last names, Iranian ID numbers, phone numbers, and invoice dates.
Security researcher Bob Diachenko notes that the number of Iranian drivers potentially impacted by the exposure may be low, as the database contains many duplicate sets of data.
“Please note that the total number of records might not be representative of the total number of affected people, since there could be duplicates (I am still analyzing the samples), but from what I’ve seen, each record was unique. I have recorded duplicates in the dataset, so the estimated number of unique entries is about 1-2 Million,” Diachenko explained.
What actions have been taken - The researcher has informed the Iranian CERT about the incident. In addition, Diachenko has contacted researchers in Iran to determine who should be alerted to the situation.
"We were able to get in touch with a couple of drivers with an attempt to identify the owner of the database. At the same time, my colleagues have reached out to the biggest ride-hailing companies in Iran to confirm data origin," Diachenko wrote in a blog post.
Soon after the discovery, the researcher also contacted the ride-hailing firms in Iran. The unsecured database has been secured and is no longer accessible on the internet.