MongoDB flaws exposed 600TB Admin Data
MongoDB flaws exposed 600TB Admin Data, MongoDB software exploit, Vulnerability in MongoDB, MongoDB data leaked,
According to the John Matherly, the creator of Shodan, reveals that nearly 595.2 terabytes of the data were exposed by using outdated or unlatched version of the software. All the details can be easily accessed without any authentication.
MongoDB is a popular NoSQL database, alternative to SQL, an open source software, many companies already use it, including “The New York Times”, “Ebay”, and “Foursquare.” John Matherly argues that around 30.000 databases are exposed because administrators are using old versions of MongoDB, and these old versions fail to bind to localhost.
This security issue were already know, as a security researchers Roman Shtylman, had reported the issues in 2012. Shtylman realized that a critical bug because MongoDB was being shipped without authentication.
This is not the first time that the security industry is concerned by the security of MongoDB, in February 2015 nearly 40,000 entities running MongoDB were found vulnerable to cyber attacks.