Major security alert as 40,000 MongoDB databases left unsecured on the internet
MongoDB, the open-source NoSQL company, faces a huge security alert after almost 40,000 of its customer databases were found unsecured on the internet, a document obtained by Information Age reveals.
One database alone – from an unnamed French telecommunications company – includes around 8 million customer phone numbers and addresses.
Three students from Saarland University in Germany – Jens Heyens, Kai Greshake and Eric Petryka – discovered that MongoDB databases running as a service or website backend on several thousand commercial servers were openly available on the internet. "Without any special tools and without circumventing any security measures, we would have been able to get read-and-write access to thousands of databases, including sensitive customer data [and] live backends of web shops," the students wrote.