ZDNet: Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities

ZDNet: Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities. “A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned today. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a ransom note behind asking for a 0.015 bitcoin (~$140) payment.”

Bleeping Computer: New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

Bleeping Computer: New Chrome Password Stealer Sends Stolen Data to a MongoDB Database. “A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords.”

Naked Security: Attackers ransom bookseller’s exposed MongoDB database

Naked Security: Attackers ransom bookseller’s exposed MongoDB database. “Exposed MongoDB databases have become the easy money-maker ransomware criminals are busy filling their boots with. In mid-July 2019, another database fell to the extortion hackers, this time containing 2.1 million records belonging to well-known Mexican publisher and bookseller, Librería Porrúa.”

Bank Info Security: MongoDB Database Exposed 188 Million Records: Researchers

Bank Info Security: MongoDB Database Exposed 188 Million Records: Researchers. “Security researchers have found yet another unsecured database that left personal data exposed to the internet. In this latest case, a MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed, researchers say.”

Threatpost: MongoDB Leak Exposed Millions of Medical Insurance Records

Threatpost: MongoDB Leak Exposed Millions of Medical Insurance Records. “MedicareSupplement.com is a U.S.-based marketing site that allows users to find supplemental medical insurance available in their area. Researchers on Thursday said that they found a publicly-available MongoDB database on May 13 that had been online for several days. The exposed data appeared to be part of the website’s marketing leads database and did not have a password or any authentication protecting it.”

Wired: A Plan to Stop Breaches With Dead Simple Database Encryption

Wired: A Plan to Stop Breaches With Dead Simple Database Encryption. “Data breaches and exposures have become so common these days, it’s difficult to keep track of them all, much less step back to mull a solution. But, perhaps out of necessity, researchers from the database giant MongoDB have spent the past two years developing a new database encryption scheme aimed squarely at reducing these damaging incidents. Their secret weapon? Radical simplicity.”

Wired: An Email Marketing Company Left 809 Million Records Exposed Online

Wired: An Email Marketing Company Left 809 Million Records Exposed Online. “Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses. The pair are going public with their findings today. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be ‘business intelligence data,’ like employee and revenue figures from various companies.”

ZDNet: Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server

ZDNet: Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server. “Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.”

ZDNet: CVs containing sensitive info of over 202 million Chinese users left exposed online

ZDNet: CVs containing sensitive info of over 202 million Chinese users left exposed online. “A security researcher has stumbled over an unsecured MongoDB database server that contained highly detailed CVs for over 202 million Chinese users. Who owned the database is still a mystery, said Bob Diachenko, Director of Cyber Risk Research at Hacken Proof, the one who found the server’s data left exposed online.”

TechCrunch: Garmin-owned navigation unit exposed thousands of boat owners’ data

TechCrunch: Garmin-owned navigation unit exposed thousands of boat owners’ data. “Navionics, an electronic navigational chart maker owned by tech giant Garmin, has secured an exposed database that contained hundreds of thousands of customer records. The MongoDB database wasn’t secured with a password, allowing anyone who knew where to look to access and download the data.”

Bleeping Computer: Data Management Firm Exposes 445 Million Records

Bleeping Computer: Data Management Firm Exposes 445 Million Records. “A database with over 200GB of data was found on a server left defenseless and open to public query, to anyone knowing where to find it. The storage included about 445 million customer records from Veeam, a Swiss-based company that provides intelligent data management services for virtual, physical and cloud infrastructures.”