An unprotected cloud database hosted by data aggregator Adapt was recently found to have exposed over 9.3 million data records that included personal data as well as job descriptions of millions of individuals.
The said MongoDB cloud database was unearthed by security researcher Bob Diachenko earlier this month who noted that the database wasn’t password-protected and allowed anyone with an Internet connection to access the customers’ files.
Over 9.3 million data records available to all
The database contained as many as 9,376,173 personal data records that included first and last names, phone numbers, name of the companies where the individuals were employed, job titles, job descriptions, list of company domains, industry, company revenue, email confidence scores, total contacts available in the company, and emails of every contact in the company.
“While the data itself might be non-sensitive, the availability of it online without any authentication is not something you would expect. The lawfulness of web scraping as a method of gathering data is debated, but open access to private data is definitely illegal,” Diachenko wrote in a blog post.
Adapt, the data aggregator that hosts the unprotected cloud database, advertises itself as a service that provides free access to millions of business contacts and allows individuals to “enrich business profiles on any website with email, phone and a number of contacts”.
According to Diachenko, it is not clear if the database was made available to everyone on the Internet intentionally or whether the lack of password-protection was a result of a server misconfiguration, as is usually the case.
Even though Adapt is yet to respond to Diachenko’s query on the potential breach of personal data records, security researcher Troy Hunt has added the cloud database to his popular data breach repository on his website. You may click here if you wish to know whether the database contains your personal data or job description.