Slashdot Mirror

← Back to Stories (view on slashdot.org)

Over 650 TB of Data Up For Grabs From Publicly Exposed MongoDB Database (csoonline.com)

Posted by samzenpus on from the have-some-data dept.

itwbennett writes: A scan performed over the past few days by John Matherly, the creator of the Shodan search engine, has found that there are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, and their number appears to be growing. Combined they expose 684.8 terabytes of data to potential theft. Matherly originally sounded the alarm about this issue back in July, when he found nearly 30,000 unauthenticated MongoDB instances. He decided to revisit the issue after a security researcher named Chris Vickery recently found information exposed in such databases that was associated with 25 million user accounts from various apps and services, including 13 million users of the controversial OS X optimization program MacKeeper, as reported on Slashdot on Wednesday.

2 of 96 comments (clear)

  1. Anyone who uses mongodb.... by Viol8 · · Score: 5, Interesting

    ... deserves to lose their data as a lesson not top use amateur hour software.

    Field data longer than 8kb? Ooh, can't index that and it won't get returned in a query using that index.

    Shard gets corrupted? Oh bad luck, thats some of your data gone - unless you've used also replication in which case you'll have spent 2 months trying to set it all up.

    Lots of concurrent writes? Yeah, well, with monogdbs single monolithic write lock - good luck with that.

    Want a DB that uses encrypted network transfers between shards and replica sets? Sorry.

    Want a DB that uses a sane query language - ie not one thats a nightmare mashup between pure javascript and parameter passing using javascript to an underpowered underlying query engine? Don't use mongo.

    Etc , the list goes on.

  2. Re:NoSQL is amateur land. by unimacs · · Score: 5, Insightful

    Why use a relational database like postgres when you have no intention of using its relational features just because it can also store JSON data?

    I'm a huge fan of postgres. I introduced it to the organization I work in probably 15 years ago and we continue to use it today. But there are some things it just doesn't do as well, - like scale, at least not as easily as a database like Cassandra can. Don't get me wrong, you give up a lot in many cases by not choosing an SQL database and it's not always the right choice. However, lack of critical thinking isn't inherent in using a NoSQL database. Lack of critical thinking is assuming a certain type of database is always the right choice for any future project, just because it's worked well in previous projects.