GootKit actors leave open databases, exposing data they stole | SC Media

The actors behind the information-stealing GootKit trojan apparently slipped up and left open two MongoDB databases last July, briefly exposing data that they had lifted from thousands upon thousands of infected victims.


Bob Diachenko, cyber threat intelligence director at Security Discovery, revealed in a company blog post yesterday that he spotted the open servers last July 5. By July 10, the actors seemed to become aware of the issue and made the data private.


Diachenko found 32 separate collections of data, including folders that contained, in plain text, victims’ passwords, system configuration details, bank accounts, mail account logins and credit card details, plus information on the online shops they visited. Altogether, Security Discovery counted 1,444,375 email accounts, 2,196,840 passwords and configuration pairs, and 752,645 usernames.


All of the infected machines listed in the databases were based in Europe, the region that GootKit has historically targeted. Users in Poland, France, the U.K., Italy and Bulgaria were most often affected.


ZDNet, which first reported on the data leak and was granted access to ..
