    Unprotected MongoDB Instance Exposes 800 Million Emails

    March 10, 2019 (Updated: March 11, 2019)


    An unprotected MongoDB database was recently found exposing over 800 million records, including email addresses and phone numbers. 

    Discovered on February 25 by security researcher Bob Diachenko, the MongoDB instance weighed in at 150 gigabytes and allowed anyone with an Internet connection to access the information within. 

    While most of the 808,539,939 records in the database’s four separate collections of data were email addresses, others were found to contain far more details, including personally identifiable information (PII).

    An Emailrecords section, which included 798,171,891 records, “was structured to include zip / phone / address / gender / email / user IP / DOB,” the researcher says. He also identified an emailWithPhone section containing 4,150,600 records and a businessLeads section that included 6,217,358 records.

    “Although, not all records contained the detailed profile information about the email owner, a large amount of records were very detailed. We are still talking about millions of records,” the researcher points out. 

    Diachenko says he checked some of the records against Troy Hunt’s HaveIBeenPwned database and discovered that this MongoDB instance was not part of a collection of data gathered from various breaches and leaks, but a completely unique set of data. 

    The unprotected Mongo instance was found to belong to a company named Verifications.io, which claims to offer the services of ‘Enterprise Email Validation’, but which would store emails submitted for verification in plain text. 

    The researcher reported the discovery to Verifications.io, which acknowledged that the database belonged to them, claiming that it was only briefly exposed and that it contained public information, not client data.  The company’s site was taken offline soon after and remains down. 

    Such a service, the researcher notes, could be abused for malicious purposes, given the manner in which it works. It allows users to upload a list of email addresses they want to validate, then sends a “hello” message to these addresses, and validates them if the message doesn’t bounce back, or puts them in a bounce list for later validation.

    This would allow an actor to submit thousands of emails and learn which ones are real. Armed with “a cleaned, verified, and valid list of users,” the actor can then start more focused phishing, or even brute-force attacks, if they also have passwords associated with the emails.

    “The database(s) included email accounts they use for sending mail as well as hundreds of SMTP servers, email, spam traps, keywords to avoid, IP addresses to blacklist, and more. This is why I initially thought they were potentially engaged in spam related activities. It turns out that technically they actually are sending unwanted and unsolicited emails,” Diachenko explains.

    The researcher also underlines that the company inexplicably took down both its site and the database, although it claimed that the data there was public. 

    In addition to email profiles and said PII, the database also exposed a user list (of 130 records), “with names and credentials to access FTP server to upload / download email lists (hosted on the same IP with MongoDB),” which was likely not intended to be public, Diachenko notes. 

    “The data exposed in this leak of nearly 809 million records is unique, and highly exploitable since it includes business intelligence data such as employee and revenue figures from various companies, as well as genders, user IP addresses, email addresses, dates of birth and more. If a bad actor were to discover this massive trove of data, they could easily validate the contact information for the users included to launch a more focused phishing or brute force campaign,” Chris DeRamus, CTO, DivvyCloud, told SecurityWeek in an emailed comment.

    “We live in a world where data is king—collecting, storing and leveraging data is essential to running just about any type of business you can think of. All the more reason organizations must be diligent in ensuring data is protected with proper security controls,” DeRamus added. 

    Ionut Arghire is an international correspondent for SecurityWeek.