Over Two Million Online Records Held to Ransom


A Mexican bookstore that exposed millions of records through a publicly accessible database has had the data stolen and ransomed by hackers.

Libreria Porrua left the 2.1 million customer records online in a MongoDB database at two separate IP addresses, according to Comparitech, which collaborated with security researcher Bob Diachenko on the case.

The company, a bookseller and publisher with a history going back over 100 years, failed to respond to Diachenko when he notified it of the discovery on July 15. Three days later, the data had been wiped and replaced with a ransom note demanding around $500 in Bitcoin.

Public access to the database was disabled the next day, but it’s unclear whether the company paid the ransom or not.

Two sets of records were included in the trove. The first featured names, addresses, phone numbers, emails, shipping numbers, invoice details and hashed payment card info. The second featured full names, dates of birth, phone numbers, discount card activation codes and more.

“I have previously reported that the lack of authentication allows the installation of malware or ransomware on the MongoDB servers. The public configuration makes it possible for cyber-criminals to manage the whole system with full administrative privileges,” Diachenko is quoted as saying.

“Once the malware is in place, criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains.”

Customers of the bookstore are potentially at risk from follow-on phishing attacks if the hackers decide to monetize their efforts further.

MongoDB has been a favorite target for hackers looking to capture and hold customer data to ransom over the past few years.

Several such cases emerged in 2017, but one of the most serious was a 2018 incident in which a database containing the voter records of over 19.5 million Californians was held to ransom.
