Bob Diachenko writes:
On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals located in Delhi. A 4.1GB-sized database had been indexed by Shodan and was left unattended for public access.
The database was named “GNCTD” which also stands for Government of National Capital Territory of Delhi and contained the following collections and records:
- EB* Registers
- EB Users (14,861)
- Households (102,863)
- Individuals (458,388)
- Registered Users (399)
- Users (2,983)
Read more on Security Discovery.