More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.
The affected data is created and stored by the open source MongoDB database application, according to researchers who have been tracking the ongoing attacks all week. On Monday, Victor Gevers, co-founder of the GDI Foundation, reported finding 200 such databases that had been deleted. By Tuesday, John Matherly, founder of the Shodan search engine increased the estimate to 2,000 databases, and by Friday, fellow researcher Niall Merrigan updated the count to 10,500.
Misconfigured MongoDB databases have long exposed user password data and other sensitive information, with the 2015 breach of scareware provider MacKeeper that exposed data for 13 million users being just one example. With the surge in ransomware-style attacks—which threaten to permanently delete or encrypt data unless owners pay a fee—hacks targeting MongoDB are seeing a resurgence. Many poorly secured MongoDB databases can be pinpointed using Shodan, which currently shows 99,000 vulnerable instances.