Web Scale
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
>hipsters in charge of security
Default config MongoDB server with data on 191 million American voters found by security researchers.
http://www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database/
>MongoDB
Who in their right mind would even use something called "Mongo Database" anyway?
And already sold to russian mobsters.
Hope americans enjoy identify fraud, since that's gonna be top dollar right now.
>>52106009
Beyond your date of birth, there's no information in there that they could use for identity theft.
Phishing or social engineering is a more likely outcome.
>>52106076
>lies
It even has the yearly breakdown for your actual votes.
>>52106100
Unless it has your social security number in there, there's nothing in there that can be used for identity theft besides the date of birth.
The leaked votes are useless if you're trying to open a credit card in someone else's name. It's an egregious breach of privacy, but it's not a huge threat to identity theft. State voter I.D. numbers aren't worth anything outside of elections.
Unless you've got proof that SS numbers were leaked, simply having someone's name and DOB isn't enough.
>>52105922
why is this stuff even logged?
>>52106152
>>52106100
>>52106076
>>52106009
I believe this is all public data regardless, but it's beyond the point.
This thread is about trusting some node script kiddie with the responsibility of properly securing a database. Or at least performing any configuration to one at all after installing it.
>>52106193
If it's all public data then I'd like to have a copy of 191 million people's compiled personal information, as it's only public data of course.
>>52106009
>>52106076
>>52106152
"Thankfully, there are no Social Security numbers, driver’s license numbers, or any financial information in this particular database, but full name, date of birth, and address and phone number with political party and other fields – are problematic enough when it comes to protecting our privacy and security."
>>52105922
>default config
if it was default it wouldn't have been listening remotely.
shitty b8
>>52106441
I'd assume it was something along the lines of this
http://www.securityweek.com/configuration-issue-exposes-30000-mongodb-instances-researcher
How can u search this DB?
>>52106527
The server location hasn't been published yet.
>>52106497
>it took MongoDB developers more than two years to actually address
Even the mongo devs have trouble with configuration, ha
>>52106497
???
oh, so the winshit installer ships with a dumb .conf?
>>52106632
The default conf was changed in July. However the mongodb server could have easily been running with the broken default pre-July 2015 conf.
>>52106632
This issue affected all platforms.
