Researchers have found another MongoDB server which has allegedly been left in an open state with no password protection. The server is apparently owned by a massive SMS bombing company, that had the server keep all of their leads, over 80 million of them, in the same place. The MongoDB instance was named “ApexSMS.” SMS bombing is the act of sending multiple scripted text messages to a mass amount of phone numbers for many different reasons. This time it appears this server was used for marketing tactics. The database included MD5-hashed emails, IP addresses, phone numbers, carrier networks, names, city, state, postcode and country. The database also included copies of the messages that would be sent to the victims, trying to trick them into clicking a link, as well as copies of the responses that the users would respond back to the sender with. A few days after the discovery of the database, it was secured, but this does not mean others did not find it and copy it before then.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased