A huge customer database containing 11 million records that include personal details, has been discovered sitting online, unprotected. The data was available from a MongoDB instance set up on the hosting infrastructure from Grupo-SMS USA, LLC, and could be accessed by anyone able to find the path to it.
Independent security researcher Bob Diachenko found the information by scanning the internet using publicly available tools. His research revealed that the dataset had been last indexed by Shodan search engine on September 13, but it is unclear how long it was open for access before that date.
Read more about the major data leak on BleepingComputer.