Security researcher Bob Diachenko uncovered an unprotected MongoDB database hosted on Amazon AWS infrastructure that was left publicly accessible for over 2 weeks.
What information was exposed?
The database contained almost 275,265,298 records of Indian citizens with personally identifiable information (PII) such as names, email addresses, genders, dates of birth, phone numbers, educational details, professional skills, employment history, current employer and salary.
Who is the owner of the database?
Diachenko could not identify the owner of the database. However, he noted that the data could have been collected by anonymous persons or an organization as part of a massive scraping operation.
The security researcher then notified the Indian CERT about the leaky database. However, the database remained open until May 08, 2019, when it was dropped by a hacker group named ‘Unistellar’.
The hacker group deleted all the data and left the message “Restore? Contact: unistellar@hotmail[.]com”.
“I have previously reported that the lack of authentication allowed the installation of malware or ransomware on the MongoDB servers. The public configuration allows the possibility of cybercriminals to manage the whole system with full administrative privileges. Once the malware is in place criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains,” Diachenko concluded.