A huge customer database containing 11 million records that include personal details, has been discovered on Monday sitting online, unprotected.
The data was available from a MongoDB instance set up on the hosting infrastructure from Grupo-SMS USA, LLC, and could be accessed by anyone able to find the path to it.
Independent security researcher Bob Diachenko found the information by scanning the internet using publicly available tools. His research revealed that the dataset had been last indexed by Shodan search engine on September 13, but it is unclear how long it was open for access before that date.
The collection is 43.5GB large and contains 10.999.535 email addresses, all of them from Yahoo!, the researcher says. It also holds names (first and last), physical addresses, ZIP code, and customers' state and city of residence.