A huge MongoDB database exposing 275,265,298 records of Indian citizens containing detailed personally identifiable information (PII) was left unprotected on the Internet for more than two weeks.

Security Discovery researcher Bob Diachenko discovered the publicly accessible MongoDB database hosted on Amazon AWS using Shodan, and as historical data provided by the platform showed, the huge cache of PII data was first indexed on April 23, 2019.

As he found out after further investigation, the exposed data included information such as name, gender, date of birth, email, mobile phone number, education details, professional info (employer, employment history, skills, functional area), and current salary for each of the database records.

Sample database record

While the unprotected MongoDB database leaked the sensitive information of hundreds of millions of Indians, Diachenko did not find any information that would link it to a specific owner.

Additionally, the names of the data collections stored within the database suggested that the entire cache of resumes was collected "as part of a massive scraping operation" for unknown purposes.

Exposed database contents

The researcher "immediately notified Indian CERT team on the incident, however, database remained open and searchable until today, May 8th, when it got dropped by hackers known as ‘Unistellar’ group."

After the database got dropped by the hackers, Diachenko discovered the following message left behind after deleting all the data:

The message left by the hackers

Diachenko found multiple other unsecured databases and servers, unearthing a publicly accessible 140+ GB MongoDB database containing a huge collection of 808,539,939 email records during Early-March and another one with over 200 million records with resumes from Chinese job seekers in January.

He was also the one who discovered the personal information of more than 66 million individuals left out in the open on the Internet during December and an extra 11 million records during September, with all of them being stored in misconfigured and passwordless MongoDB instances.

These data leaks are a thing because a lot of MongoDB databases are left publicly accessible by their owners and are not properly secured. This means that they can be blocked by securing the database instance.

MongoDB provides a Security section on the Documentation website which shows how to properly secure a MongoDB database, as well as a security checklist for MongoDB administrators.