Database exposed in Iran

Bob Diachenko recently found an open MongoDB instance that contained sensitive information on Iranian drivers and belonged to a ride-hailing app.

This situation is not unique to Iran: we regularly find open databases all over the world. Here, though, we provide some insight into Iran and look at 4 commonly used databases: MongoDB, Elasticsearch, Redis and Memcached.

But before that, what are the top ports and products we have detected in Iran?

Databases Exposed

Now, let's look at the number of exposed instances of some of these databases. These are open, without authentication, and accessible directly from the Internet. They might be exposing customer or business data.

MongoDB

MongoDB is a NoSQL database that sells itself as highly scalable, performant and agile.

  • Exposed Instances: 262
  • Number of Records exposed: 330,637,966
  • Total Size exposed: 113.84Gb

Elasticsearch

Elasticsearch is a distributed and scalable system that allows for search and data analysis in real time. It is schema-free, which means that the user has full control over how the data is indexed. Almost every action can be done using a RESTful API (using JSON over HTTP).

  • Exposed Instances: 103
  • Number of records: 3,451,722,567
  • Size of Data: 1723.46Gb

Redis

Redis is a key-value cache and store. It is a very well-known and used technology.

  • Exposed Instances: 150
  • Number of records: 919,399
  • Size of Data: 2.89Gb

Memcached

Memcached is a general-purpose distributed memory caching system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of times an external data source (such as a database or API) must be read.

  • Exposed Instances: 32
  • Number of records: 112,526,346
  • Size of Data: 91Mb

How to improve your security?

Here is some common advice we usually give on protecting your data:

  1. Read the documentation for your specific database; most have best practices on how to secure it.
  2. Add firewall rules so that external or unauthorized devices can't access your data via the Internet.
  3. Add a username and password.
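
As a starting point for points 2 and 3, the following added example (not part of the original post) parses `ss -ltn` output from one of your own hosts and reports listeners on the default ports of the four databases above that are bound to anything other than loopback. The default-port mapping, the function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Default TCP ports of the four databases discussed above (assumes defaults are in use).
DEFAULT_PORTS = {27017: "MongoDB", 9200: "Elasticsearch",
                 6379: "Redis", 11211: "Memcached"}

# Constructed sample of `ss -ltn` output, not taken from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:27017     0.0.0.0:*
LISTEN 0      511        127.0.0.1:6379      0.0.0.0:*
LISTEN 0      4096               *:9200            *:*
LISTEN 0      1024        10.0.0.5:11211     0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511            [::1]:6379         [::]:*
"""

def classify(addr):
    """Return 'all-interfaces', 'loopback' or 'specific' for a listen address."""
    addr = addr.split("%")[0].strip("[]")  # drop zone/device suffix and IPv6 brackets
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"

def audit_listeners(ss_output):
    """List (product, local address, scope) for database ports not limited to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                       # skip the header and non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in DEFAULT_PORTS:
            continue
        scope = classify(addr)
        if scope != "loopback":
            findings.append((DEFAULT_PORTS[int(port)], fields[3], scope))
    return findings

if __name__ == "__main__":
    for product, local, scope in audit_listeners(SAMPLE_SS):
        print(f"{product}: listening on {local} ({scope}); check firewall rules and authentication")
```

A reported listener is only a candidate for review: whether it is reachable from the Internet depends on the firewall in front of it, and `ss -ltn` does not cover UDP listeners.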