Unsecure Database Leads to Exploitation of Personal Details of 58M Users of in-house data management firm Modern Business Solutions.
The famous database hosting and data storage services provider firm Modern Business Solutions (MBS) has been attacked by an unknown hacker who has managed to steal the company’s MongoDB database from its servers.
Reportedly, the reason behind the hack attack was that the MongoDB database wasn’t well-protected against hack attacks. It is also identified that this particular database contained critically important information such as complete name, IP address, email IDs, occupation, vehicle data and date-of-birth of about 58 million users.
The identity of the hacker is not disclosed as of yet but on Twitter, he uses the handle @0x2Taylor and also known for high-profile hacks and leaks in recent past.The attacker posted the stolen data on his Twitter account, not one, not two but three times. The attacked company kept getting the database deleted to stop it from being shared.
It is reported that Shodan search engine was used to discover the unprotected database. Instead of informing the company about it, he then went on to post it online.
As of now, the company hasn’t officially released any statement regarding the data hack but it is confirmed that they have not made any efforts to protect the unsecured databases. The leaked data was later inspected by US-based cyber-security firm Risk Based Security, and they revealed the following: The MBS did not provide information about whether the unprotected database had information about Hardwell Data clients. The database tables were prefixed with “hw_”. Hardwell Data is the main program used by the MBS for data management.
Nevertheless, the number of data breaches is increasing day by day. Risk Based Security noted that: “There have been 2,928 publicly disclosed data breaches so far this year, exposing more than 2.2 billion records. While 2.2 billion is a big number, RBS research indicates 55% of the breaches taking place in the first half of 2016 exposed 10,000 or fewer records. Unfortunately, some of the most notable “mega-breach” exceptions have come from misconfigured databases.”
MUST READ: HACKERS LEAK 36 MILLION+ MONGODB ACCOUNTS