1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases

Discussion in 'BlackHat Lounge' started by ebusdk, Dec 18, 2015.

  1. ebusdk

    ebusdk Newbie

    Joined:
    Dec 7, 2015
    Messages:
    2
    Likes Received:
    0
    Occupation:
    Senior IT infrastructure specialist
    Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases

    Most hits are on DigitalOcean, Amazon and Alibaba Group hosted solutions
    Even if you are running latest version, you need to update the configuration files


     
  2. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,597
    Likes Received:
    34,727
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
  3. cottonwolf

    cottonwolf Regular Member

    Joined:
    Jan 20, 2015
    Messages:
    469
    Likes Received:
    239
    at least mysql/mariadb comes with listening only on localhost
     
  4. ebusdk

    ebusdk Newbie

    Joined:
    Dec 7, 2015
    Messages:
    2
    Likes Received:
    0
    Occupation:
    Senior IT infrastructure specialist
    I dont understand why anyone in their right mind would let the ports be open through the WAN interface without any restrictions.
     
  5. ebusdk

    ebusdk Newbie

    Joined:
    Dec 7, 2015
    Messages:
    2
    Likes Received:
    0
    Occupation:
    Senior IT infrastructure specialist
    Thanks w130sn - I'm to new to post links :)