Unprotected MongoDB Exposes Scraped Profile Data of 66 Million

Information belonging to more than 66 million individuals was discovered in an unprotected database, within anyone’s reach, if they knew where to look on the web. The records look like scraped data from LinkedIn profiles. The cache includes personal details that can identify users and could help adversaries create phishing attacks that are more difficult to recognize.

According to Bob Diachenko, Director of Cyber Risk Research at Hacken, the trove was exposed via a MongoDB instance that could be accessed without authentication. He found 66,147,856 unique records containing full name, personal or professional email address, user’s location details skills, phone number, employment history and a link to the individual’s LinkedIn profile.

Read more about the massive data leak on BleepingComputer.