Students at the Centre for IT Security at western Germany’s University of Saarland said Tuesday that they have discovered tens of thousands of unsecured databanks on the web.
“Anybody could retrieve and even alter several million items of customer data, including names, addresses, emails and credit card numbers,” the university in Saarbruecken on the Franco-German border said in a statement.
The reason for the weak level of security was a wrongly configured and freely available databank that millions of online shops and platforms use to offer their services.
The problem is the popular MongoDB programme, which is available as open source software free of charge.
“If operators stick blindly to the guidelines when they install the software and do not take crucial details into consideration, then the data is just sitting there unprotected on the internet,” the German researchers said.
The information-technology centre said it had informed the software producers and data managers of the problem.