Tens of thousands of online databases have been breached by what appears to be a single hacker or group of hackers. The databases in question appear to be managed by MongoDB, a database application.
A hacker or hackers going by the handle Harak1r1 has spent the last week or more gaining access to MongoDB-based databases and then threatening to either delete or encrypt the entire database. In exchange, Harak1r1 has demanded money in the form of BitCoin (0.2 BTC to be exact).
Latest reports suggest that over 27,000 databases (up from around 10,000 just a few hours ago) have so far been breached and, as ArsTechnica points out, 99,000 are vulnerable. The number of hackers/groups has gone up to at least 15, reports The Register. The ransom for the databases has also gone up to 1BTC (around Rs 61,000).
The problem appears to be restricted to MongoDB-based databases, but doesn’t seem to be a vulnerability in the application itself. The application needs to be configured properly for maximum security and it looks like misconfigured databases are the reason for this sudden spurt in breaches.
MongoDB has published a blog post explaining the situation, how you can prevent it and steps to check the integrity of your data.
If you remember the recent hacks in India by hacker group calling itself Legion, the group claimed to have compromised databases belonging to banking institutions, government email servers and the databases of Apollo hospitals.
Databases are the ledgers of the internet. If they’re compromised, a great deal of personal information will be at risk.