Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
A CenturyLink customer information database with some 2.8 milliion records was found exposed on the public Internet, exposing personal details of hundreds of thousands of its customers.
Researchers from Comparitech and security researcher Bob Diacehnko found the misconfigured MongoDB database on Sept. 15. According to the researchers, the database – which was affiliated with a third-party notification platform used by CenturyLink – had been exposed for 10 months. It was locked down on Sept. 17, two days after the researchers alerted CenturyLink.
Customer names, addresses, email addresses, and phone numbers were exposed.
“The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised,” CenturyLink said in a statement to Comparitech. “CenturyLink is in the process of communicating with the affected customers. We will continue to work with our vendors to protect customer information.”
Read more here.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio