In another shocking revelation, a database of 275,265,298 Indians containing personal information was hijacked by hackers. The database containing personal information was unprotected and publicly indexed on the internet.
The breach was first reported by Security Discovery’s Bob Diachenko. The researcher claims that he discovered a publicly accessible MongoDB database that contains personally identifiable information (PII) of over 275 million Indians. He further revealed that the MongoDB database was hosted on Amazon AWS using Shodan. The historical data provided by the platform revealed that the huge cache of PII data was first indexed on April 23, 2019.
The research reveals that the personal information that was leaked includes name, gender, date of birth, email, mobile number, education details, professional info (employer, employment history, skills, functional area), and current salary. Interestingly, the researcher adds that while the database leaked the sensitive information of hundreds of millions of Indians, he did not find any information that would link it to a specific owner.
The researcher notified this to Indian CERT team, however, the database remained open and searchable until May 08, 2019. He further revealed that the data is now hijacked by hackers known as ‘Unistellar group’. The hackers have wiped out the content and replaced it a message to contact them.
Notably, he previously found multiple other unsecured databases and servers, unearthing a publicly accessible 140+ GB MongoDB database containing a huge collection of 808,539,939 email records during Early-March.