A Romanian hacker, going by the pseudonym GhostShell, has leaked around 36 million user accounts that include personal information like names, email addresses, date of birth, gender and more. The hacker reportedly downloaded a collection of databases from numerous connected servers.
The hacker claimed that he used primarily port-scanning tools, including Shodan.io, which is a search engine for web-connected devices, to identify the databases hosted on public servers. He also stated that the servers were running on the commonly used database software MongoDB. He labelled his hacking spree Project Vori Dazel – a public protest against lack of security practices.
GhostShell told Softpedia that he estimated that 3.6 million of the 36 million user accounts he leaked online also included passwords. The hacker announced the data dump by posting a link on Pastebin, where he wrote that the leak was aimed at raising awareness "about what happens when you decide not to even add a username and password as root or check for open ports."
The hacker added that most system administrators "don't bother checking for open ports on their newly configured servers," which "can lead to anyone infiltrating the network and managing their internal data without any interference. You don't even have to elevate your privileges, you just connect and have total access. You can create new databases, delete existing ones, alter data, and so much more."
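The conditions the hacker describes (a database reachable on its default port from any address, with no authentication required) map directly onto two settings in MongoDB's own configuration file. The following is an added illustration, not a file from the article or from any of the affected operators: the first document shows the exposed combination, the second the corrected one. The file path and comments are assumptions for the example.

```yaml
# /etc/mongod.conf (assumed path) - exposed configuration
# Matches the situation described in the article: the server listens on all
# interfaces and accepts any client without credentials.
net:
  bindIp: 0.0.0.0        # reachable from every network interface
  port: 27017            # default port, easy to find with a port scan
security:
  authorization: disabled  # no username/password required for any operation

---
# /etc/mongod.conf (assumed path) - hardened configuration
net:
  bindIp: 127.0.0.1      # local clients only; add specific internal IPs if needed
  port: 27017
security:
  authorization: enabled   # every client must authenticate as a defined user
# After enabling authorization, create an administrative user from a local
# shell (db.createUser in the "admin" database) before restarting, otherwise
# no one can log in. Keep a host firewall rule that blocks 27017 from the
# internet as a second layer in case bindIp is later widened.
```

A quick self-check after restarting the service is to confirm what the socket is bound to (for example with `ss -ltnp` on Linux): if 27017 still shows `0.0.0.0` or `*`, the binding change did not take effect and the instance remains discoverable by exactly the kind of scan the article describes.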
Although the origins of the databases and the identity of their operators are still uncertain, judging by the characteristics of each company, the databases hold information including full names, email addresses, usernames, passwords, gender, geolocations, social media information, browser data and more.
According to a report by ZDNet, security researcher Lee Johnston of Cyber War News uncovered 626,000 unique email addresses as part of the data dump, which included over 1,300 government addresses from the US Department of Homeland Security, the FBI, the IRS, the FAA and the US Navy.
GhostShell also divulged that around 140,000 unique email addresses from one of the databases included information on "the top IT of the most wealthy corporations from the US", such as Apple, Microsoft and IBM.
The sheer magnitude of the data dump places it among the largest successful breaches of the year. However, the most alarming part was the hacker's admission of how much larger the breach could have been. "The worst part is that this is barely a fraction of what I could get my hands on," the hacker said.