At least 58 million people have had their personal information published on the internet – including their names, dates of birth, email and postal addresses, job titles, phone numbers, vehicle data, and IP addresses – after a hacker stole a massive unsecured database.And, if you think that sounds bad, there may be yet more hacked data still to be exposed.The sensitive information appears to have been exfiltrated from Modern Business Systems (MBS), a company that provides businesses with online data storage and database hosting solutions, by a hacker calling themselves 0x2Taylor on Twitter.
Posting a number of times over the weekend, the hacker released at least 58 million records stolen from MBS’s systems.At the time of writing, MBS has made no statement about the apparent security breach, but researchers claim that they were able to confirm that MBS was running an unsecured MongoDB database, open for anyone to access.So, an obvious question you might have is – are *you* affected by this security breach? Are you one of the people who might have had their personal information exposed?Unfortunately, it’s unlikely that you are directly a client of MBS. Indeed, you have probably never heard of Modern Business Systems.MBS’s customers are other companies, and it is those other companies who were entrusting their customer data with MBS. As a result, it may be unclear what steps you may need to take.One thing you can do, however, is take advantage of security researcher Troy Hunt’s “Have I Been Pwned?” service, which allows you to search for your details in wide range of data breaches, and has been updated to include the information exposed in the Modern Business Solutions hack.Worryingly, this might not be the end of the story however.In a private online conversation between 02xTaylor and security researchers, the hacker shared a screenshot which implies that he has access to an additional database table containing over 258 million rows of personal records.
Sadly, misconfigured MongoDB databases are all too common, and the use of search engines like Shodan has made it easier for hackers to identify internet-connected systems that are unsecured, or revealing themselves online when they should not be visible to the outside world.In December last year the Shodan blog reported that there were at least 35,000 publicly available, unauthenticated instances of MongoDB accessible via the internet.Frankly, connecting a naked server with no security in place straight to the internet is asking for trouble.Although there are security features built into MongoDB, it beggars belief that many administrators have still not correctly configured them or left them disabled.Past victims of hacks associated with MongoDB have included Verizon, and ‘elite’ dating site BeautifulPeople. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc