Veeam, A company that handles backup disaster recovery and intelligent data management software based in Switzerland markets itself as one of the biggest data company’s that are able to transfer data between multi-cloud infrastructure. However it would seem they have left over 200GB of MongoDB Data (445 Million Records) wide open.
Who spotted the Exposed Database?
A Security Researcher named Bob Diachenko also a former employee of KromTech Security published a Blog post when he found an AWS hosted Database when scraping with search engine Shodan. The database was exposed on August 31st, he doesn’t know how many records were exposed. The database has been quietly changed to the secure mode four days days after the discovery.
So what data exactly was exposed?
While the data didn’t consist of sensitive information, it did have some elements that could be useful to a hacker such as first and last names, Email addresses, customer’s nationality, and IP addresses.