Ransom Note Replaces 2.1M Customer Records on Open MongoDB

Hackers on the prowl for unsecured databases found a publicly accessible MongoDB instance and replaced the almost 1.2 million sensitive records it stored with a ransom note.

The hackers were quick to spot the database, which was completely unprotected: anyone who knew its IP address and port could connect and read its contents without any form of authentication.

The database belonged to Librería Porrúa, a bookseller in Mexico, and contained the following information:

- invoices with purchase details
- shopping cart ID
- payment card info (hashed)
- activation codes and tokens
- full names
- email addresses
- phone numbers
- dates of birth
- discount codes

Security researcher Bob Diachenko discovered the MongoDB instance on July 15, a day after it had been indexed by the Shodan search engine.

Three days later, the contents of the database were wiped and a ransom demand was left in their place. The cybercriminals claimed that the information was backed up on their servers and asked for 0.05 BTC (about $500) to return it.

With no access protection to stop them, hackers were able to manage the contents with full privileges. This means that they could connect and manage it remotely just like an authorized admin with full management rights, Diachenko says.

Incidents in which cybercriminals wipe open databases and demand a ransom have occurred since at least 2016 and continued through 2017, 2018, and 2019.

Tens of thousands of MongoDB databases were deleted this way because admins left them open on the internet. Paying the ransom may get the data back, but it does not guarantee that the attackers have not kept a copy to resell.

Furthermore, in many cases the attackers don't even bother to copy the data before replacing it with the ransom note, so there is nothing to return even if the victim pays. Avoiding incidents of this kind is not difficult, as long as Mo ..
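The posture the article describes (listening on every interface, no authentication) maps directly onto two mongod.conf settings. The fragments below are an added example, not part of the original article or of Librería Porrúa's configuration, showing the weak configuration beside a hardened one; the certificate path is an assumed placeholder. Since MongoDB 3.6 the server binds to localhost by default, but authorization is still disabled unless it is turned on explicitly, and older installs or explicit overrides of bindIp reproduce the exposed setup.

```yaml
# Added example, not from the article. Two mongod.conf fragments.

# --- weak: what an internet-exposed, unauthenticated instance looks like ---
# Listens on all interfaces (the default before MongoDB 3.6) and lets any
# client that can reach port 27017 read, write and drop collections.
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled

# --- hardened: loopback/private bind, authentication required, TLS on ---
# List only the addresses that need to serve clients; a private interface
# address can be appended to bindIp, comma-separated, if the app tier is
# on another host. authorization: enabled rejects every command that is
# not covered by a role granted to an authenticated user.
net:
  port: 27017
  bindIp: 127.0.0.1
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem   # assumed path; use your own cert
security:
  authorization: enabled
```

After restarting with authorization enabled, create the first administrative user from the server itself using the localhost exception (it applies only until the first user exists): `mongosh`, then `use admin` and `db.createUser({ user: "admin", pwd: passwordPrompt(), roles: ["userAdminAnyDatabase", "readWriteAnyDatabase"] })`. Confirm the bind change took effect with `ss -ltnp | grep 27017`, which should no longer show the listener on `0.0.0.0`, and check from an external host that an unauthenticated `mongosh --host <public-ip>` can no longer list databases.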
