- Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
silversurfer > 11-07-2018, 03:26 PM
Quote:The personal details of nearly 700,000 American Express (Amex) India customers have been accidentally left exposed online via an unsecured MongoDB server.
The leaky server, which was left exposed online without a password, was discovered three weeks ago by Bob Diachenko, Director of Cyber Risk Research at cyber-security firm Hacken.
Most of the data on the server appeared to have been encrypted and required a decryption key to view, but the researcher says 689,272 records were stored in plaintext and accessible to anyone who stumbled upon the database.
The plaintext records, You are not allowed to view links. Register or Login to view., contained the personal details of Amex India customers, such as phone numbers, full names, email addresses, and card type description fields. The data isn't overly sensitive but could be more than useful to power a spam campaign.
On the other hand, the encrypted records, which totaled 2,332,115 entries, contained more personal information. Based on the MongoDB table's header, this included customer names, addresses, Aadhar numbers, PAN card numbers, and phone numbers.
Source: You are not allowed to view links. Register or Login to view.