Database With Millions of Indian Personal Records Exposed and Hijacked

Bob Diachenko writes:

On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields:

  • Name
  • Email
  • Gender
  • Education level and area of speciazliation
  • Professional skills / functional area
  • Mobile phone number
  • Employment history and current employer
  • Date of birth
  • Current salary

Unable to determine whose database it was, Bob contacted Indian CERT, but the database remained unsecured until May 8th, when it apparently was attacked by hackers known as ‘Unistellar’ group. Bob writes:

All the content was wiped out and the following message appeared:

Image credit: SecurityDiscovery.

Read more on SecurityDiscovery.

About the author: Dissent