Wired: A Plan to Stop Breaches With Dead Simple Database Encryption

Wired: A Plan to Stop Breaches With Dead Simple Database Encryption. “Data breaches and exposures have become so common these days, it’s difficult to keep track of them all, much less step back to mull a solution. But, perhaps out of necessity, researchers from the database giant MongoDB have spent the past two years developing a new database encryption scheme aimed squarely at reducing these damaging incidents. Their secret weapon? Radical simplicity.”

ZDNet: Meds prescriptions for 78,000 patients left in a database with no password

ZDNet: Meds prescriptions for 78,000 patients left in a database with no password. “A MongoDB database was left open on the internet without a password, and by doing so, exposed the personal details and prescription information for more than 78,000 US patients.”

Bleeping Computer: Over 12,000 MongoDB Databases Deleted by Unistellar Attackers

Bleeping Computer: Over 12,000 MongoDB Databases Deleted by Unistellar Attackers. “Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored.”

Wired: An Email Marketing Company Left 809 Million Records Exposed Online

Wired: An Email Marketing Company Left 809 Million Records Exposed Online. “Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses. The pair are going public with their findings today. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be ‘business intelligence data,’ like employee and revenue figures from various companies.”

ZDNet: Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server

ZDNet: Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server. “Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.”