Thousands of MongoDB databases ransacked, held for ransom
The cybercriminal behind the ransom raids on almost 23,000 databases threatens to leak the data and alert GDPR regulators
At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes. The newly introduced Field Level Encryption (FLE), which will be available in the upcoming MongoDB 4.2 […]
Hunt open MongoDB instances on the internet efficiently. Features: World's fastest and most efficient scanner (uses Masscan). Scans the entire internet by default, so fire the tool and chill. Hyper efficient – uses goroutines, which are even lighter than threads. Prerequisites – Go language ( sudo apt install golang ), Masscan ( sudo apt […]
The Dec 2016 cyber extortion and espionage campaign against MongoDB installations is still happening today in early 2019. Cyber espionage and extortion are lucrative businesses for cybercriminals. Extortion was a very profitable undertaking even before the Internet became a thing, and with the digitalization of data, means the ‘trust’ of customers is stored in a storage […]
China is often suspected to sponsor hack attacks against organizations and agencies in the US or Europe. However, this time around China itself has become a victim of a security breach. Reportedly, an unprotected MongoDB has exposed personal and professional details of more than 202 million people. HackenProof’s security researcher Bob Diachenko discovered that resume files of […]
A newly discovered unprotected MongoDB database exposed around 66 million user records, with different chapters and collections of data that look similar to scraped LinkedIn profile data. One of the widely used methods to gather data from the Internet is called web scraping or data scraping. The term refers to the use of a variety of methods for collecting […]
Another day, another data breach – this time, the IT security researcher at HackenProof has discovered a massive trove of personal data of over 66 million users exposed online due to an unprotected MongoDB database. In October and November 2018, HackenProof’s security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a […]
What could be more fateful than the fact that an unsecured MongoDB server has exposed the personal data of 689,272 American Express India customers? Bob Diachenko, director of cyber risk research at Hacken and the researcher who discovered the server, said in a blog post that the bulk of the data – more than 2.3 […]
Another day, another trove of sensitive data exposed online. This time, a MongoDB database containing a whopping 43.5GB of the dataset used in marketing campaigns has been left exposed for public access. The data was discovered by Bob Diachenko, an independent security researcher who noted that the database was available on an unprotected MongoDB hosted on Grupo-SMS hosting and […]
Sensitive information has been compromised. ABBYY, a company that develops optical character recognition (OCR) and text scanning software, left exposed a server that contains 142GB of scanned documents of a client, so that anyone with Internet access can access them without needing a password. The MongoDB server hosted on Amazon Web Services was accidentally configured for public access, […]
For the last couple of years, hackers have been exploiting unprotected MongoDB based servers to steal data and hold the exposed databases for ransom. Hackers leaked 36 million records of internal data collected from several vulnerable servers. The information security training researchers from German firm Kromtech conducted an experiment in which they purposely left a MongoDB database […]
For the last couple of years, hackers have been exploiting unprotected MongoDB based servers to steal data and hold the exposed databases for ransom. In order to raise awareness, hackers leaked 36 million records of internal data collected from several vulnerable servers. The seriousness of the matter can be understood by the fact that in July of 2015 John Matherly of Shodan, the world’s […]
MongoDB company implements new data security features in response to the recent wave of ransom attacks that hit installations worldwide. You have to admit that the bad actors are very good at leveraging a vulnerability into a lucrative opportunity. The latest example comes from MongoDB, a popular, open source database commonly deployed for big data applications on the […]
Ransom attacks on MongoDB databases rekindled last week and over the weekend with the emergence of three new groups that hijacked over 26,000 servers, with one group hijacking 22,000. The attacks, detected by security researchers Dylan Katz and Victor Gevers, are a continuation of the so-called MongoDB Apocalypse that started in late December 2016 and continued through the first months […]
Earlier in January, we heard about MongoDB ransomware that erased data from not hundreds but thousands of computers and forced the victims to pay ransom money. The same MongoDB ransomware is now back in the news but this time, it is even more powerful and the campaign is also quite sophisticated in design. In the recent […]
The number of hijacked MongoDB servers held for ransom has skyrocketed in the past two days from 10,500 to over 28,200, thanks in large part to the involvement of a professional ransomware group known as Kraken. According to statistics provided by two security researchers monitoring these attacks, Victor Gevers and Niall Merrigan, this group is […]
MongoDB database is being used by high-profile platforms worldwide but recently it is in the news for all the wrong reasons. It was just a couple of days ago when a researcher discovered a ransomware scam targeting Mongo users and now Chris Vickery and his research team at MacKeeper has discovered a database belonging to […]
MongoDB administrators are about to be taught a hard lesson in database management practices, as the number of hackers that are now involved with DB hijacking attempts has gone from one to three, and more are expected to join in the upcoming days. This Monday, Bleeping Computer broke the news that a hacker/group identified as […]
MongoDB is a famous, open-source NoSQL database. Organizations use it regardless of their size; from MetLife, LinkedIn, City of Chicago, Expedia, and BuzzFeed to KPMG and The Guardian, there are several other high-profile platforms that are currently taking advantage of MongoDB. At the same time, having a high-profile customer doesn’t mean that the platform is completely secure. […]
Years ago, we warned users about publicly accessible MongoDB instances – almost six hundred terabytes (TB) – over the internet which require no authentication, potentially leaving websites and servers vulnerable to hacking. These MongoDB instances weren’t exposed because of any flaw in the software, but due to a misconfiguration (bad security practice) […]
An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing their content, and asking for a Bitcoin ransom to return the data. These attacks have been happening for more than a week and have hit servers all over the world. The first one to notice the attacks was security researcher Victor […]