License leak from ESET South Africa
The South African branch of the anti-virus company ESET allowed the leakage of user data, leaving the MongoDB database publicly available.
The 50 GB database contained such information about acquired licenses, such as: user names, license keys, license passwords, email addresses, more than 12 thousand license files.
In addition, there were white, black and gray lists of email addresses in the database, as well as user suggestions sent to technical support. In addition to all this, there were two administrative logins and hashed passwords for them.
The database was found through the search engine Shodan and was available both for reading and writing.
Freely accessible database was discovered on December 12th by security researcher Vladimir Dyachenko (Bob Diachenko), which he reported through Twitter .
On December 17th, this base was removed from open access, and ESET confirmed the incident:
It’s a responsive response. This information has helped us prevent malicious exploitation of this vulnerability.
Regular news about individual cases of data leakage, promptly published on the channel Information Leaks .