689,272 plaintext records of Amex India customers exposed online

Personal details of nearly 700,000 American Express (Amex India) India customers were exposed online via an unsecured MongoDB server. The huge trove of data was discovered by Bob Diachenko from cybersecurity firm Hacken, most of the records were encrypted, but 689,272 records were stored in plaintext. The expert located the database by using IoT search engines such as Shodan and BinaryEdge.io.

689,272 plaintext records included personal details of Amex India customers’ phone numbers, names, email addresses, and ‘type of card’ description fields. The archive included 2,332,115 records containing encrypted data (i.e. names, addresses, Aadhaar numbers, PAN card numbers, and phone numbers.

Read more about the massive data leak on Security Affairs.





Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief