Security Researcher Bob Dyachenko found the database of the food delivery service “2 Banks” with personal data of service users in 15 cities is publicly available.
According to him, the data was available to any unauthorized user on an open MongoDB server, they could be viewed without authorization. The names of users, their full addresses and phone numbers were publicly available.
The database was available for at least a week from March 21 to March 27 for free download. In total, there were about 10.7 million rows in the database with a size of about 3.5 GB. The database was working, from March 21 to March 27, about 400 thousand new entries appeared in the database. Recall that Bob Dyachenko lives in Ukraine and has repeatedly warned that he will not notify Russian services about the vulnerabilities found.
Recall that in early March there was a leak of the database of users of the Yandex Food service. More than 50 GB of personal data of service users has been published in the public domain. In the future, pro-Ukrainian hackers were able to visualize the database.