Unprotected MongoDB Exposes Scraped Profile Data of 66 Million

Information belonging to more than 66 million individuals was discovered in an unprotected database, within anyone’s reach, if they knew where to look on the web. The records look like scraped data from LinkedIn profiles. The cache includes personal details that can identify users and could help adversaries create phishing attacks that are more difficult to recognize.

According to Bob Diachenko, Director of Cyber Risk Research at Hacken, the trove was exposed via a MongoDB instance that could be accessed without authentication. He found 66,147,856 unique records containing full name, personal or professional email address, user’s location details skills, phone number, employment history and a link to the individual’s LinkedIn profile.

Read more about the massive data leak on BleepingComputer.





Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief