Over 650 TB of Data Up For Grabs From Publicly Exposed MongoDB Database (csoonline.com)
itwbennett writes: A scan performed over the past few days by John Matherly, the creator of the Shodan search engine, has found that there are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, and their number appears to be growing. Combined they expose 684.8 terabytes of data to potential theft. Matherly originally sounded the alarm about this issue back in July, when he found nearly 30,000 unauthenticated MongoDB instances. He decided to revisit the issue after a security researcher named Chris Vickery recently found information exposed in such databases that was associated with 25 million user accounts from various apps and services, including 13 million users of the controversial OS X optimization program MacKeeper, as reported on Slashdot on Wednesday.
... deserves to lose their data as a lesson not to use amateur hour software.
Field data longer than 8kb? Ooh, can't index that and it won't get returned in a query using that index.
Shard gets corrupted? Oh bad luck, that's some of your data gone - unless you've also used replication, in which case you'll have spent 2 months trying to set it all up.
Lots of concurrent writes? Yeah, well, with MongoDB's single monolithic write lock - good luck with that.
Want a DB that uses encrypted network transfers between shards and replica sets? Sorry.
Want a DB that uses a sane query language - i.e. not one that's a nightmare mashup between pure javascript and parameter passing using javascript to an underpowered underlying query engine? Don't use mongo.
Etc., the list goes on.
Well, thanks to Rails and similar frameworks we've been treating the database as a dumb data repository for years. Not surprised that the kids have no idea how to make the things work properly.