Wired: An Email Marketing Company Left 809 Million Records Exposed Online

Wired: An Email Marketing Company Left 809 Million Records Exposed Online. “Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses. The pair are going public with their findings today. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be ‘business intelligence data,’ like employee and revenue figures from various companies.”

ZDNet: Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server

ZDNet: Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server. “Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.”

ZDNet: CVs containing sensitive info of over 202 million Chinese users left exposed online

ZDNet: CVs containing sensitive info of over 202 million Chinese users left exposed online. “A security researcher has stumbled over an unsecured MongoDB database server that contained highly detailed CVs for over 202 million Chinese users. Who owned the database is still a mystery, said Bob Diachenko, Director of Cyber Risk Research at Hacken Proof, the one who found the server’s data left exposed online.”

TechCrunch: Garmin-owned navigation unit exposed thousands of boat owners’ data

TechCrunch: Garmin-owned navigation unit exposed thousands of boat owners’ data. “Navionics, an electronic navigational chart maker owned by tech giant Garmin, has secured an exposed database that contained hundreds of thousands of customer records. The MongoDB database wasn’t secured with a password, allowing anyone who knew where to look to access and download the data.”

Bleeping Computer: Data Management Firm Exposes 445 Million Records

Bleeping Computer: Data Management Firm Exposes 445 Million Records. “A database with over 200GB of data was found on a server left defenseless and open to public query, to anyone knowing where to find it. The storage included about 445 million customer records from Veeam, a Swiss-based company that provides intelligent data management services for virtual, physical and cloud infrastructures.”

WIRED: If You Want to Stop Big Data Breaches, Start With Databases

WIRED: If You Want to Stop Big Data Breaches, Start With Databases. “While companies commonly use these databases to store tempting troves of customer and financial data, they often do so with outdated and weak default security configurations. And while any type of database can be left open or unprotected, a string of breaches over the last few years have all centered around one type in particular: open-source ‘NoSQL’ databases, particularly those using the popular MongoDB database program. Of course there are many types of hacks that can ultimately lead to data breaches, like using spear phishing to gain access to a network, but securing exposed databases is a relatively easy and concrete step organizations can take to strengthen their data defense.”