- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
- Full names
- Addresses
- Post codes
- Dates of birth
- National IDs
- Phone numbers *Genders
- Email addresses
- Telco metadata
- Breach status and social profile annotations
Good luck everyone.
You must log in or # to comment.
Misleading. Some researchers found an unsecured database, contacted the owners, and they secured it. There is no evidence of the data actually being leaked.
It’s not misleading. A database of personally identifiable information being exposed on the internet is a data leak. Personally identifiable information is legally required to be protected, while an exposed database on the internet is about as far from ‘protected’ as you can get.
The article and title make no claim to active selling or known exploitation of the data, but to write this off as nothing would be a mistake. Are you sure that only the Cybernews team found it?
The Cybernews team discovered the exposed MongoDB instance on November 11th, 2025 and immediately notified IDMerit. The company secured the database by November 12th.
We don’t know how long it was exposed for prior to it being discovered on the 11th - it might’ve been that day, it might’ve been a few months.
It is misleading to say it was leaked because there’s no evidence that anyone saw it.
If no ones data was stolen, was there a leak?
It was unsecured, but it was not leaked unless someone accessed it. To try and pretend that there’s no difference is pure idiocy.
If your house plumbing is leaking, its not a leak to you unless you see it? How do you know it hasn’t been accessed?
Thankfully we don’t need to rely on your definition of a data leak: https://www.fortinet.com/resources/cyberglossary/data-leak
A data leak happens when an internal party or source exposes sensitive data, usually unintentionally or by accident.
This is sensitive data that’s accidentally been exposed on the internet. That is a leak. You are misinformed on what a data leak is.
