April 14 security researcher Chris Vickery from MacKeeper published his discovery on a corporate blog. It appears that personal information of 93,4 million Mexican voters was publicly available on one of the servers in Amazon cloud. This is a huge breach, since it concerns every Mexican citizen. This information was available to everybody at least since September 2015.
The 132 GB database contained voter registration data on 93,424,710 Mexican citizens and it was possible to connect to it without providing credentials. The database contained names, dates of birth, mother’s and father’s last names, occupation, and unique voting credential codes (number/identifier).
Unfortunately, absence of access credentials is a default configuration of MongoDB installation. We assume, the leak happened when database administrators decided to move the data into cloud to be able to process it faster, but forgot/were not able to turn on authentication.
So, MongoDB developers are also to blame for this leak.
