An insecure database has been discovered which leads to the exploitation of the personal details of a massive 58 million users of the in house data management firm, modern business solutions.
The database which hosts such a large amount of data storage services provider firm, Modern Business Solutions is said to have been attacked by unknown hackers who managed to get the MongoDB database server which hosted the company’s data. Apparently, the reason behind the attack is nothing other than that the MongoDB server was not well protected against some hack attacks.
The database in question is also said to have housed some critically important information which included the complete name of the user, their IP address, email IDs, occupation, the vehicle data and the date of birth of the close to 60 million users.
The profile of the hacker and his name is unknown at the time being but he is thought to be using the Twitter handle, @0x2Taylor.
He is also known for some recent high profile hacks and leaks and even in the past. The attacker was only identified on Twitter after he posted a copy of the stolen on his Twitter account, three times. He posted it thrice because the attacked company kept on getting the database deleted after each post.
Reports say that the Shodan search engine was the one which was used to discover the unprotected database, and apparently instead of informing the vulnerable company, he then decided to go forward with it and post it online.
The company has not released an official statement in relation to the hacking incident, but it is also being said that they are not doing anything to protect the unsecured databases. US based security firm, Risk Based Security firm later inspected the leaked data and they noticed the following. The MBS had not Information about the unprotected database which had information about the Hardwell clients. All the database tables which had hw_ on them are those that the MBS uses for the main program to data management.
Unfortunately, the number of hacking incidents continue increasing with each passing day and it is something that Risk Based Securities noted. The security firm said that there had been about 2,928 breaches which publicly disclosed for this year, something which had exposed about 2.2 billion records.
2.2 billion is definitely a big number, and the security firm research showed that of the 55 percent breaches which took place in the first six months of 2016, only 10,000 or fewer records were exposed. Of worry is that some of the high profile mega breaches have all come from some misconfigured databases.