Misconfigured Mongo database exposes personal data belonging to MedicareSupplement.com, including medical details and first names
More than 5 million records belonging to MedicareSupplement.com were exposed to the public through an open online database. According to the report, the MongoDB database was publicly accessible because it was not properly protected. As a result, a large amount of user data, including full names, addresses, IP location, emails, dates of birth, marketing-related details, medical data, and even the type of insurance the person is interested in (life, auto, medical and supplement areas of insurance), might have been revealed.
The insecure database was discovered by researcher Bob Diachenko on May 13th, in collaboration with Comparitech experts. Once the researchers informed the company that owns MedicareSupplement.com about the database security issue, access was disabled and security measures were put in place.
TZ Insurance Solutions runs the website to help individuals find a suitable Medigap insurance plan from a provider that is not covered by the original Medicare. It is not believed that any information was removed from the public database, but people may be affected in the future due to this security incident, as the report stated:
The people whose information was exposed, particularly those whose records included insurance interest area, could be at risk of spam, targeted phishing, and fraud.
The exposed records contained personal information and marketing-related data
The BinaryEdge search engine indexed the database on May 10, but the information may have been available before that. It is still unknown whether any unauthorized access to the network was gained. Public access to the database has been disabled and proper security configurations installed. The company has stated that the needed efforts to ensure the integrity and security of its network and systems were made.
However, the vulnerable MedicareSupplement.com database stored various sensitive information that was probably not stolen. Nevertheless, the data stored in the database has value on the dark web and other hacker sources online. The information in MongoDB was spread across various categories in the database and included such sensitive details about users that, when obtained and used by malicious actors, can lead to identity theft.
Database access disabled – users still at risk of fraud
When such personal information is exposed to the public, people become possible victims of fraud, spam, targeted phishing attacks, and identity theft. Diachenko, the researcher who collaborated with Comparitech, stated in the report:
Once the malware is in place, criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains.
The lack of authentication allows the installation of malware on servers such as MongoDB. Such a public configuration allows cybercriminals to manage the targeted system without the requirement to gain administrative rights.
People who use the service should be aware of the possibilities and take precautionary measures, especially those whose records included their particular insurance interest area.
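For administrators, the unauthenticated and publicly reachable configuration described above can be checked for in a server's own mongod.conf. The following is an added example, not code from the report or from the affected company; the sample configurations are constructed, and the function names are hypothetical. It reads the standard net.bindIp, net.bindIpAll and security.authorization options.

```python
# Added example (not from the article): audit a mongod.conf for the settings
# that decide whether MongoDB accepts unauthenticated network connections.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_conf(text):
    """Flatten the simple nested YAML used by mongod.conf into dotted keys."""
    settings, stack = {}, []  # stack: (indent, key) of the open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, value = (part.strip() for part in line.split(":", 1))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that are no deeper than this line
        if value:
            settings[".".join([k for _, k in stack] + [key])] = value.strip("'\"")
        else:
            stack.append((indent, key))
    return settings

def audit(text):
    """Report whether the instance requires a login and where it listens."""
    s = parse_conf(text)
    auth = s.get("security.authorization", "disabled").lower() == "enabled"
    if s.get("net.bindIpAll", "false").lower() == "true":
        addrs = ["0.0.0.0"]
    else:  # mongod binds to localhost when bindIp is not set
        addrs = [a.strip() for a in s.get("net.bindIp", "localhost").split(",")]
    # Unix socket paths (leading "/") are local, like loopback addresses.
    exposed = [a for a in addrs if a not in LOOPBACK and not a.startswith("/")]
    return {"auth_required": auth, "exposed_addresses": exposed,
            "open_to_network": bool(exposed) and not auth}

# Constructed sample configurations (assumptions, not the affected server's).
WEAK_CONF = """
net:
  bindIp: 0.0.0.0      # every interface
"""
HARDENED_CONF = """
net:
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```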