UK Company Exposed Thousands of Personal Files Online
Kromtech Security Researchers discovered an exposed database that was identified as belonging to DM Print (DMP), a Keighley-based data services company.
According to DMP's website, they are a “Print and Direct Mail House, we specializing in litho prints, digital prints, and data services including bespoke data processing, data capture, and database management”.
Among other data, the exposed MongoDB instance held 31 thousand records, including admin login details for that particular database. Anyone who had this information could obtain highly sensitive health information such as name, date of birth, National Insurance number (NIN), address, investment data, and more. The combination of exposed UK NI (National Insurance) numbers and investment holdings together in one place, with such a complete customer profile, makes this discovery a very serious breach. This is extremely sensitive data that should never be available to anyone except trusted health professionals or financial advisors. To have this data openly available is a nightmare for any person or company.
Once again, the problem was a MongoDB database exposed with its port open, here as a result of a flaw in a manufacturer's firewall firmware. The real danger to citizens is that cyber criminals use their private data for fraud, extortion or other online crimes. The danger for any company running an exposed MongoDB is losing the data to ransomware. Many in the cyber security world may remember the infamous MongoDB ransomware that locked the data of tens of thousands of misconfigured MongoDB databases back in 2016. It affected nearly one third of all misconfigured databases and had spread to nearly 16,000 in just 2 days. In that instance the attackers wiped out data and demanded up to one bitcoin to return it. The attack forced users to decide whether to pay the ransom to gain control of their computers or face losing their data. DMP is lucky this was discovered by Kromtech Security Researchers and not by cyber criminals who could use the data for fraud or other crimes.
Researchers immediately reported the issue, and it was resolved within a matter of minutes after the notice was sent. It is worth noting that it is rare to have such a prompt and efficient incident response from an affected company.
DMP also provided us with the following statement.
“On 4 July we were made aware of a security vulnerability by a security research company which were able to access data. The vulnerability involved a single server. Immediately after this was reported, we secured the server. We have been advised by the company that the data accessed has been destroyed and there is no evidence of any further access attempts. A full review of security is now underway.”
This is just another wake-up call for any data service provider, big or small, to take the time to test remote or public access and ensure that only those who should access the files have access. In an age when data is your business, it is more important than ever to know and implement the most current cyber security methods available.
Attention - Portions of this article may be used for publication if properly referenced and credit is given to Kromtech Security Center.