Large Unprotected Database of Personal Information found in Delhi, India

2019, Breaches, February

Who: Indian Data Base

# of Records: 458,388

When it occurred:

What happened: A large Indian database of personal information was left unattended and unprotected in Delhi, India.

How did it happen: A 4.1 GB MongoDB database that appeared to belong to the Government of National Capital Territory of Delhi was found exposed in Delhi, India. It required no password, was left unprotected and unattended, and was available for public access even though it contained highly sensitive information (along with other data). It had been indexed by Shodan. The database appears to be somehow related to a company named Transerve, which says it “offer[s] solutions to make cities smarter, sustainable and effective in operation to impact the quality of life.” All the collections, including ‘registered users’ and ‘users’, contained references and emails with the ‘transerve.com’ domain, as well as hashed passwords and usernames for administrator access. The most detailed information was contained in the ‘Individuals’ collection, which was basically a pretty detailed portrait of a person, including Aadhaar numbers, voter card numbers, health conditions, education, etc. The ‘Households’ collection contained fields such as ‘name’, ‘house no’, ‘floor number’, ‘geolocation’, area details, ‘email_ID’ of a supervisor, ‘is the household cooperating for survey’, ‘type of latrine’, ‘functional water meter’, ‘ration card number’, ‘internet facility available’ and even an ‘informan name’ field.

Outcome: CERT India was notified and the database has been secured and taken offline. It remains unknown how long the database was online and whether anyone else accessed it.

There is a huge danger in allowing an exposed MongoDB or similar NoSQL database. Any time you allow access without authentication, you are inviting the installation of malware or ransomware. With the public configuration enabled, cybercriminals may be able to manage the whole system with full administrative privileges. Once they install the malware they can remotely access the server resources and even launch code execution to steal or completely destroy any saved data the server contains.
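As an added illustration (not configuration from the original report, from Transerve or from the Delhi government), here is the mongod.conf shape that produces an exposure like this one, followed by a hardened version; the private address 10.0.0.5 is a placeholder for the application server that legitimately needs access:

```yaml
# mongod.conf (exposed)
# Listening on every interface with no 'security' block means anyone who can
# reach TCP/27017 can read, modify or drop every collection without a password,
# and scanners such as Shodan will index the instance.
net:
  port: 27017
  bindIp: 0.0.0.0          # all interfaces, including the public one
# (no 'security' block: authorization defaults to disabled)
---
# mongod.conf (hardened)
# Bind only to loopback and the trusted private interface, and require every
# client to authenticate before it can touch any collection.
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the app server (placeholder address)
security:
  authorization: enabled        # role-based access control for all clients
```

Before switching `authorization` to `enabled`, create an administrative account in the `admin` database with `db.createUser()` from the mongo shell, then restart mongod; otherwise no one, including you, can log in. A firewall rule that drops inbound 27017 from anything but the application hosts is the second layer, so that a future config regression does not put the instance straight back on the internet.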