Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
A CenturyLink customer information database with some 2.8 milliion records was found exposed on the public Internet, exposing personal details of hundreds of thousands of its customers.
Researchers from Comparitech and security researcher Bob Diacehnko found the misconfigured MongoDB database on Sept. 15. According to the researchers, the database – which was affiliated with a third-party notification platform used by CenturyLink – had been exposed for 10 months. It was locked down on Sept. 17, two days after the researchers alerted CenturyLink.
Customer names, addresses, email addresses, and phone numbers were exposed.