The databases contain personal information that could be used for phishing attacks and identity theft schemes

Researchers have found close to 10.5 billion pieces of consumer data that have been left sitting in almost 10,000 unsecured internet-facing databases hosted across 20 countries. The data is said to include email addresses, passwords, and phone numbers.

The study was conducted by NordPass between June 2019 and June 2020 in cooperation with an unnamed white hat hacker, who scanned the web for Elasticsearch and MongoDB libraries in search of misconfigured databases.

It’s worth noting that three countries accounted for most of the exposed records, with France bearing the brunt (5.1 billion detected entries). China followed on 2.6 billion records and the United States came in third with 2.3 billion data points. When it comes to countries with the largest numbers of ill-configured databases, China came first (4,000), followed by the US (3,000) and India (500).

Since the information is stored in unprotected databases, cybercriminals would have to put in little to no effort to gain access to the data. With the records in hand they could wreak all sorts of havoc on their victims.

For example, the pilfered data could be used for social engineering attacks that are ultimately aimed at draining your bank accounts or at breaking into your other accounts. These attacks pay dividends especially if you recycle your passwords across various online services.


Staff member
Misconfigured databases are allowed, as it is a Feature, not human error.