GhostShell hacker back with a bang, leaks 36 million user records from 110 misconfigured MangoDB servers
Twenty-four-year-old Romanian hacker GhostShell has returned with yet another leak of 36 million user records obtained from 110 misconfigured MongoDB servers, of which 3.6 million also include passwords. The hacker was in the news couple of months ago for doxing himself.
The hacker announced the data leak on Twitter and posted a link to a PasteBin URL where he wrote that the leak was aimed at raising awareness “about what happens when you decide not to even add a username and password as root or check for open ports.” The users also can find a statement regarding his reasons behind the hack, screenshots from all the hacked servers, and several links from where users can download the data.
The hacker added that most system administrators “don’t bother checking for open ports on their newly configured servers,” which can lead to anyone infiltrating the network and managing their internal data without any interference. You don’t even have to elevate your privileges, you just connect and have total access. You can create new databases, delete existing ones, alter data, and so much more.”
The download package is a 598 MB ZIP file, which when decompressed sizes up to 5.6 GB of data containing 110 folders named based on the hacked server’s IP. Each of these folders contains a screenshot as proof of the hacker’s access to the server, a text file with information about the hacked server, and the complete database dump.
The data includes user information such as real names, usernames, email addresses, passwords, gender, browser information, geolocation info, information about the user’s smartphone model, API credentials, social media details, and even avatar images.
In his statements, GhostShell says that he only used simple scanners like Shodan to reveal these databases. The hacker explains Project Vori Dazel, as he names his recent MongoDB hacking spree, as a public protest against poor security practices.
GhostShell says that all the databases he accessed had no username or password for the root account and had a large number of open ports.
According to a report by ZNet, security researcher Lee Johnston of Cyber War News discovered 626,000 unique email addresses as part of the data dump, which included over 1,300 government addresses from the US Department of Homeland Security, the IRS, the FBI, the FAA and the US Navy.
GhostShell also revealed that around 140,000 exclusive email addresses from one of the databases included information on “the top IT of the most wealthy corporations from the US”, such as Apple, Microsoft and IBM.
All these hacks from GhostShell are part of his Light Hacktivism campaign, which flourishes on finding and uncovering susceptibilities and poor security practices in order to have them modified. Earlier, the hacker also embarked on a more aggressive campaign called Dark Hacktivism. However, the hacker this time around has an issue with companies that deploy MongoDB without safeguarding them properly.
You can read the complete statement from GhostShell on Pastebin paste here.