MANILA, Philippines – A week after a security researcher Bob Diachenko disclosed the discovery of an exposed MongoDB database holding more than 275 million records with Indian citizens' personal identifiable information (PII), a hacking group took the data and held it for apparent ransom.
The database contained the following PII for the 275,265,298 records.
Diachenko made the disclosure on May 1 (May 2, Philippine time) and also told Indian CERT (Computer Emergency Response Team) about the unprotected database.
Despite informing CERT in India, Diachenko said in a blog post the database remained exposed till May 8.
A hacking group known as Unistellar wiped the content and basically left a message where discussions could be held to retrieve the data.
Diachenko was unable to find out who organized the database, but said, "The structure and names of the collections in the database hinted that data was likely collected by [an] anonymous person or organization as part of a massive scraping operation." – Rappler.com
Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.