In today’s “FFS Moment,” Bob Diachenko reports:
On March 1st 2019, I discovered another non password protected MongoDB that appeared to contain data related to San Jose, California based Automation Anywhere. They are the developers of robotic process automation software but this backup contained an application created specifically for Automation Anywhere’s premier customer event called Imagine. We suspect this was created by a 3rd party contractor, but it appears to be Automation Anywhere’s customers, administrators, or associates.
A 2GB database was indexed by the Shodan public search engine on Feb 27 and was set open for public access and anyone could have accessed or edited the content.
Read more on SecurityDiscovery.