Bob Diachenko writes:
On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for millions of families registered under Mukhya Mantri Parivar Samridhi Yojana (MMPSY), which is one of the largest social security programme in India rolled out in the state of Haryana.
According to Bob, the server was only exposed and indexed for a few days, but he deems it likely given how many more people are searching for — and attacking — unprotected noSQL databases.
The types of data involved included:
Among exposed data the following was visible:
- full name
- address
- mobile phone number
- marital status
- mother’s name
- spouse name
- gender
- date of birth, age
- Aadhar number
- income details and many more.
Read more on SecurityDiscovery.