Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
A CenturyLink customer information database with some 2.8 milliion records was found exposed on the public Internet, exposing personal details of hundreds of thousands of its customers.
Researchers from Comparitech and security researcher Bob Diacehnko found the misconfigured MongoDB database on Sept. 15. According to the researchers, the database - which was affiliated with a third-party notification platform used by CenturyLink - had been exposed for 10 months. It was locked down on Sept. 17, two days after the researchers alerted CenturyLink.
Customer names, addresses, email addresses, and phone numbers were exposed.
"The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised," CenturyLink said in a statement to Comparitech. "CenturyLink is in the process of communicating with the affected customers. We will continue to work with our vendors to protect customer information."
Read more here.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024