Over 275 Million Records Exposed by Unsecured MongoDB Database
Once again, a security researcher has found an unprotected database exposing the personal data of hundreds of millions of people. The leaky database, which had been online since at least April 23, contained 275,265,298 records of Indian citizens, including their name, gender, date of birth, email, mobile phone number and information regarding their education, profession and salary.
The researcher reported the incident to the Indian Computer Emergency Response Team (CERT-In) that is part of the Ministry of Electronics and Information Technology, but the office failed to take action. On May 8 the server finally went offline, but only because a hacking group dubbed “Uninstellar” found it and deleted the entire database before leaving a message urging the database owner to contact them in order to have the data restored. In other words, due to the poor security practices of the database owner and a lack of action by CERT-In, the private data of hundreds of millions of people is now in the hands of criminals.