Admin@kremlin.ru account found in thousands of MongoDB databases

    Dutch security researcher Victor Gevers stated that he discoveredhand of the Kremlin Admin@kremlin.ru administrative account in more than 2000 open MongoDB databases owned by Russian and even Ukrainian organizations.



    Among the discovered MongoDB open bases were Walt Disney Russia, Stoloto, TTK-North-West, and even the Ministry of Internal Affairs of Ukraine.






    The researcher immediately made the only possible conclusion [sarcasm] - the Kremlin, through this account, controls the finances of Russian business.


    True, all these detected MongoDB databases were installed with default settings, and anyone had read and modify access rights (Create, Read, Update and Delete).


    Regular news about individual cases of data leakage, promptly published on the information leakage channel .


    Also popular now: