Geeks for your information
Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server (/showthread.php?tid=4441)



Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server - silversurfer - 07 November 18

Quote:The personal details of nearly 700,000 American Express (Amex) India customers have been accidentally left exposed online via an unsecured MongoDB server.

The leaky server, which was left exposed online without a password, was discovered three weeks ago by Bob Diachenko, Director of Cyber Risk Research at cyber-security firm Hacken.

Most of the data on the server appeared to have been encrypted and required a decryption key to view, but the researcher says 689,272 records were stored in plaintext and accessible to anyone who stumbled upon the database.

The plaintext records, Diachenko says, contained the personal details of Amex India customers, such as phone numbers, full names, email addresses, and card type description fields. The data isn't overly sensitive but could be more than useful to power a spam campaign.

On the other hand, the encrypted records, which totaled 2,332,115 entries, contained more personal information. Based on the MongoDB table's header, this included customer names, addresses, Aadhar numbers, PAN card numbers, and phone numbers.

Source: https://www.zdnet.com/article/data-of-nearly-700000-amex-india-customers-exposed-via-unsecured-mongodb-server/