Last monday Bob Diachenko posted about a discovery he made about exposing data from just over 11 million records of people in whom personal data of these were found.
A huge database of approximately 11 million email records was hacked. The access occurred on Monday and what all indicates, the database was full of personal information in addition to emails.
The problem
Data what were they done were stored in a MongoDB instance and are hosted in the SMS-SMS, LLC framework and, in turn, these data could be accessed by anyone that he knew how to use the correct tools.
Bob Diachenko, who is one of the most respected security researchers, managed to find such information on the internet using public tools.
When searching, Bob identified that this information was being indexed by the Shodan search engine. and that the last update occurred on September 13, however, he could not identify the other days before that Shodan managed to index the content and thus do it, the public.
The small file of only 43,5 GB that contains about 10.999.535 email addresses and all of Yahoo, it also contains first and last name, addresses, zip code, state and city.
The information in the database (emails with personal details) was pure gold for all types of people who use them for malicious purposes such as spammers, scammers, phishers of all kinds.
Identifying the state and city, many must have used such data to use in their practices of spammers, scammers, botnet, malware such as ransomware, spyware and many other harmful practices, and the risk of having many victims is certainly high, due to the assertiveness users' personal data.
The database that was compromised was analyzed and according to what has been seen, everything belongs to SaverSpy, But it is not only SaverSpy that uses this database, sites such as cupons.com and many other affiliate programs that offer offers all over the world, may be sharing this same database.
Human error
The server appears to belong to a California-based email marketing company. So far, the company that hosts the data has not wanted to say exactly which companies are users of this immense database.
Best of all, luckily no bank or credit card information appears in this leak.
Curiously MongoDB in question has already been tagged as 'Compromised' in Shodan and contained the 'Warning' database with the 'Readme' collection and a ransom note demanding 0.4 BTC to get the data back which contained a data collection with the following text:
»Your database is downloaded and backed up on our secure servers. To recover your lost data: send 0.4 BTC to our BitCoin address and contact us by email with the server IP address and proof of payment.
Any email without your IP address and proof of payment will be ignored. You can request a backup summary within 12 hours.
Then we will delete the backup. No problem! «
However, at the time of discovery, all data was intact. I am assuming this is the result of a failed attempt used by crooks (and sheer luck for the database owners).
Currently, the database is already isolated and in the next few days the search engine that indexed said information will surely have to delete the data.
In addition to the customer's personal information, the database also included DNS details about the email status (sent successfully or not), showing whether the email was processed and the response from the server.
You can see information about affiliate programs that can be included in the database or lack of access to the database published by the researcher.