Abbyy Customer Database Found Openly Accessible

The database without a password contained data on more than 200 000 customers
28 August 2018

Independent security specialist Bob Dyachenko found an unprotected database running on MongoDB with more than 200 thousand scanned private documents on a server belonging to Abbyy. Among them were contracts, nondisclosure agreements, corporate usernames and scrambled passwords. This was reported by TechCrunch.

The researcher told the company about the problem in early August 2018, and it shut down the server. On August 27, 2018, Abbyy confirmed the leak but did not explain why the server was not protected by a password. According to its representatives, only one client was compromised.

The incident in question concerns one rather than several customers and files bearing commercial information. The customer has been duly notified and we are cooperating on corrective measures.

Anna Ivanova-Galitsina

Spokesperson, Abbyy

In May 2017, another MongoDB database was exposed: specialists found a huge database with 560 million e-mail and password pairs.

Field Level Encryption to Be Available in MongoDB

Field level encryption provides access to the database for several specified users at once and helps to follow GDPR rules
21 June 2019

MongoDB version 4.2 received support for field-level data encryption (FLE). The encryption is handled by a special MongoDB driver on the client side. To read the data in the database, you need access to either the client or the encryption keys.

When we founded MongoDB, we wanted to give developers an easier way to work with data - wherever it lived in the stack. To be able to provide great new features that will make them more productive so they can spend less time wrestling with data and more time building great applications is extremely gratifying. Most importantly, these features work and feel like the tools they are already used to so they will experience a vastly improved database experience with a short learning curve.

Eliot Horowitz 

CTO and co-founder, MongoDB

So even if the database is left publicly accessible, an outsider will not be able to read the encrypted data.

As the MongoDB developers say, field level encryption provides access to the database for several specified users at once. In addition, it helps to comply with the GDPR, in particular the “right to be forgotten”: to destroy all information related to a user, it is enough to destroy that user's personal key. After this, the data can no longer be used.
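
The mechanism described above, as an added example that is not MongoDB's driver code or part of the original article: it models client-side field encryption with one key per user using Node's built-in crypto module, and shows what key destruction does to the stored data. The names keyVault, serverCollection, insertCustomer, forgetUser and the sample customer are constructed for illustration.

```javascript
// Added illustration: client-side field encryption with one key per user,
// modelled with Node's built-in crypto (not the MongoDB driver's FLE API).
const nodeCrypto = require("crypto");

// Key vault held on the client side, separate from the database (constructed).
const keyVault = new Map(); // userId -> 32-byte AES key
// What the database server stores: ciphertext only for protected fields.
const serverCollection = [];

function encryptField(userId, plaintext) {
  if (!keyVault.has(userId)) keyVault.set(userId, nodeCrypto.randomBytes(32));
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", keyVault.get(userId), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Store IV, auth tag and ciphertext together as one opaque value.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptField(userId, stored) {
  const key = keyVault.get(userId);
  if (!key) throw new Error(`no key for ${userId}: data is unrecoverable`);
  const raw = Buffer.from(stored, "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString("utf8");
}

// The client encrypts before sending; fields left in clear (name) stay readable
// to anyone who reaches the server, so only encrypted fields are protected.
function insertCustomer(userId, name, contractText) {
  const doc = { userId, name, contract: encryptField(userId, contractText) };
  serverCollection.push(doc);
  return doc;
}

// "Right to be forgotten": destroying the key makes every stored copy of the
// ciphertext permanently unreadable without touching the database itself.
function forgetUser(userId) {
  return keyVault.delete(userId);
}

// What a reader of the exposed server sees versus what a key holder sees.
function readAsOutsider(userId) {
  return serverCollection.find((d) => d.userId === userId).contract;
}
function readAsClient(userId) {
  return decryptField(userId, readAsOutsider(userId));
}
```

Note that the key vault must be stored and access-controlled separately from the database; if the keys sit on the same exposed server, the encryption protects nothing.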