Another MongoDB Server Left Unsecure

Researchers have found another MongoDB server that was allegedly left open with no password protection. The server apparently belongs to a massive SMS bombing company, which kept all of its leads, over 80 million of them, in the same place. The MongoDB instance was named “ApexSMS.” SMS bombing is the act of sending multiple scripted text messages to a large number of phone numbers, for many different reasons; this time it appears the server was used for marketing. The database included MD5-hashed emails, IP addresses, phone numbers, carrier networks, names, city, state, postcode and country. It also included copies of the messages that would be sent to the victims, trying to trick them into clicking a link, as well as copies of the replies that users sent back to the sender. The database was secured a few days after its discovery, but this does not mean others did not find it and copy it before then.

Analyst Notes

Just as with a phishing email, users should never click on a random link that is sent to them, whether it arrives via email or SMS. Although this database is now “secure,” it is still possible that an attacker managed to find and copy the information in the database before it was secured. Because of this, users should watch out for unknown messages sent to them and be cautious about what they click on.