A cybersecurity researcher found a MongoDB database exposed online without any password to access it.
Bob Diachenko, cybersecurity researcher, a few days ago found a 4.1GB database with private data of 460.000 citizens of Delhi, including their identity documents.
Although it is not clear whether the database is linked to the Delhi territorial Government (GNCTD), Diachenko found different emails under the range of “senior supervisor” or “super admin” and with the domain “transerve.com”. This domain is associated with the Transerve Technologies website, what is a company that specializes in smart city solutions and advanced data collection.
There were records of more than 100.000 households, 450.000 people, and 15.000 registered users.
In the database records we can observe, among many others, data such as:
- Religion.
- Which means of transportation they use to go to work or school.
- Marital status.
- Full name and identification document
- Who the residence is registered to and their relationship with that person.
Diachenko reported that the data belonging to the table of “Individuals” was, in short, a detailed profile of a person, including their health conditions, education, etc…
But it could not be confirmed with certainty how long this data has been published and if anyone else has accessed it.