MongoDB instances at it again.
Another day, another data breach – This time, the Institute of International Education (IIE) in the United States has exposed highly sensitive records of users including foreign exchange students around the world.
For your information, among other things, IIE handles International Student Exchange, initiates programs of study and training for students, educators and professionals from various sectors around the world.
The incident in the discussion is related to two MongoDB databases owned by IEE that exposed the personal and financial data of students including documents uploaded on IEE’s website by students.
See: Hacker deletes entire university’s student newspaper website
It is worth noting that although both databases were left exposed without any security authentication, they did not store the data on them but contained active links with access tokens allowing anyone to get their hands on the data.
According to a blog post by Bob Diachenko, the researcher who identified these databases, thousands of individuals have been affected by the breach. The analysis of the data revealed that it exposed the following:
EmailsApplicationsPassport scansMedical formsAdmission lettersGrant documentsStudent transcriptsDossiers on studentsEnrollment informationScholarship informationFunding verification documentsVisa documents and applicationsW-4 federal tax withholding formsI-94s (US arrival and departure records)
The good news is that IIE took the matter seriously and secured the data based on Diachenko’s report. However, it is unclear if both databases were institute international education leaks thousands students
