Threat Watch

Private Data of Over 450,000 Delhi Citizens Exposed From MongoDB Instance

A MongoDB was found by researchers who were able to access the database without a password. Named GNCTD, which is short for Government of National Capital Territory of Delhi, it was found to contain 4.1 GB of data. The data was labeled in categories such as EB Registers, EB Users (14,861), Households (102,863), Individuals (458,388), Registered Users (399), and Users (2,983). Data that was included in the Individuals tab was Aadhaar numbers, voter card numbers, ration card numbers, designation, means of transportation, health conditions, monthly income, and education. Connections to a company by the name of Transverse were found and emails within the Users and Registered Users tab also had a transverse.com domain. Transverse was contacted directly but gave no response. CERT India was the next to be contacted and shortly afterwards, the database had been taken offline. Leaving a database like this open poses a major risk of malware being placed within the servers, giving cybercriminals the opportunity to obtain server resources and launch code that could steal or destroy the information on the server.

ANALYST NOTES

Users setting up a MongoDB database should enable role-based access control and enforce authentication. Communication and data should also be encrypted, and network exposure should be limited.