A Swiss based company called Veeam left a 200GB MongoDB database wide open, exposing over 445 million customer records. The records contained names, email addresses, customer country, customer size, and some IP addresses. Read on to learn what happened.
Security researcher Bob Diachenko first stumbled across the breach on September 5th. He wrote about it and contacted both Veeam marketing and Marketo servers that day, but he was unsure how long this information was accessible.
Ironically, Veeam develops backup and disaster recovery software. Their Co-CEO Peter McKay published a statement here to state this breach was due to human error, and that there were only 4.5 million unique emails publicly available and no sensitive information.
The database that was open, MongoDB, already has a reputation of poor security standards. Since 2013 they’ve been targeted by ransomware because their databases used to be linked to a publicly accessible port by default. The idea was users could buffer their own protection as they took charge of a database, but many forgot.
This is another example of how it’s important to pay attention to how companies handle breaches. Veeam stepped up, but it took them almost a week and they could have been more explicit about what they are doing to compensate customers.
- Secure your accounts by changing your passwords regularly. Dashlane is the tool we use for this in our FixMeStick offices. It generates complex passwords and you can try it for 30 days for free by clicking here.
- Protect your communications with a VPN. Virtual private networks encrypt your internet activity so it can’t be intercepted, try Hotspot Shield or Nord today!
- Run a FixMeStick scan. Because of Veeam bad actors have access to 4.5 million email addresses. Ensure nothing malicious crept onto your computer and run a scan to keep your files safe.