Stop me if you’ve seen a sentence or paragraph similar to the following. The first paragraph of this story says:
The Polish high-quality measuring instruments maker left an open instance revealing internal communications, including passwords shared via employee conversations.
The article continues:
While guarding company documents is paramount, the protection of internal corporate communications is hardly different. Meanwhile, the Cybernews research team has discovered an open MongoDB instance with over 256 gigabytes of Rocket.Chat messages pertaining to Sonel.
Stop me if you’ve heard of Mongo databases being wide open like this.
The article talks about a system called Rocket.Chat. Unfortunately, this doesn’t seem to be the first time they’ve been mentioned, although I’ve never heard of them. The two paragraphs talking about them and other things state:
Rocket.Chat is an open-source collaboration platform that uses MongoDB as its default storage database, sometimes leading to data-exposing misconfiguration accidents.
“The exposed data, including company secrets and passwords, could empower malicious actors to exploit confidential details, compromise organizational security, and potentially lead to unauthorized access to critical systems and resources,” researchers said.
While WordPress uses SQL, we know that the password is one of the biggest components of running a successful blog or website using the platform.
The article states that it could have been server misconfiguration. Again, stop me if you’ve heard this before.
The likely reason behind the leak is server misconfiguration. The hosting provider’s firewall does not support IPv6 and ignores rules when connecting between its other account-independent servers.
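The explanation quoted above comes down to a database listener reachable on an address family the firewall did not filter. As an added example (not code from the article, Cybernews, or Rocket.Chat), this Python check reads a `mongod.conf` and flags non-loopback or IPv6 listeners and disabled authorization; both sample configs are constructed, and the parser handles only the simple two-level layout shown.

```python
import ipaddress

# Constructed sample configs (not from the article): weak vs. hardened.
WEAK_CONF = """\
net:
  ipv6: true
  bindIp: 127.0.0.1,::,0.0.0.0
"""
HARDENED_CONF = """\
net:
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

def parse_conf(text):  # two-level 'section: / key: value' subset of mongod.conf
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not raw.startswith((" ", "\t")):
            section = conf.setdefault(key, {})
        elif section is not None:
            section[key] = value.strip().strip("\"'")
    return conf

def is_local(addr):  # loopback addresses, 'localhost' and Unix socket paths
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost" or addr.startswith("/")

def audit(text):
    """Return findings about listener exposure and missing authentication."""
    conf = parse_conf(text)
    net, sec = conf.get("net", {}), conf.get("security", {})
    bind_all = net.get("bindIpAll") == "true"
    binds = [a.strip() for a in net.get("bindIp", "localhost").split(",")]
    exposed = [a for a in binds if a and not is_local(a)]
    findings = []
    if bind_all or exposed:
        findings.append("reachable beyond loopback: " + ",".join(exposed or ["bindIpAll"]))
    if any(":" in a for a in exposed) or (bind_all and net.get("ipv6") == "true"):
        findings.append("IPv6 listener: confirm the firewall filters IPv6 as well")
    if sec.get("authorization") != "enabled":
        findings.append("authorization is not enabled")
    return findings
```

Running `audit(WEAK_CONF)` returns three findings and `audit(HARDENED_CONF)` returns none.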
The article is titled “Sonel’s secrets spilled over leaked internal chat”. Hopefully you’ll decide that it’s worth reading if you’re familiar with the company.
Thanks so much for reading and make it a great day!