The 43.5 GB database contained personal data on 11 million users of the SaverSpy service.
An unprotected MongoDB server was discovered on the Internet, leaving the records of 11 million users of the SaverSpy marketing service openly accessible. The 43.5 GB database included full names, email addresses, physical addresses (state, city and zip code), and information about the field of 10,9999,35 users. In addition to personal information, the database also contained DNS data and information on the status of emails received by the user.
According to researcher Bob Dyachenko, who monitors unprotected MongoDB servers, the database was publicly available at least as of September 13 this year. Apparently, attackers had already gained access to it, since the database contained, in addition to its usual content, a notice demanding a ransom of 0.4 bitcoin ($2.4 thousand) for the return of the stolen data. A Google search showed that this notice, and the address of the cryptocurrency wallet to which the money was to be transferred, had already appeared in an extortion campaign in late June 2018. At that time, several owners of MongoDB servers in China reported similar incidents.
Initially, it was not clear who owned the database, but further analysis showed that the server operator may be the marketing company SaverSpy. Company representatives did not respond to the researcher's report of the problem; however, on September 18, access to the server was closed.
Previously, Veeam Software, a company specializing in solutions for virtual infrastructure management and data protection, admitted leaking 445 million records of its clients. The 200 GB database was stored on an open-source MongoDB server in the Amazon infrastructure.