Data of American Express customers in India breached

About 7,00,000 American Express customers in India had their personal details exposed online from an unprotected MongoDB server, which allowed anyone to access and edit the information.

The unprotected MongoDB server was discovered by Bob Diachenko, Director of Cyber Risk Research at a cyber-security firm Hacken, by using Shodan and BinaryEdge.

According to Diachenko, most of the data on the server was encrypted and required a decryption key to view. But 689,272 records were stored in plaintext, which contained readable links, Amex India customers’ phone numbers, names, email addresses, and type of card, were accessible to anyone who came across the database.

The 2,332,115 encrypted records contained more personal information including customer names, addresses, Aadhar numbers, PAN card numbers, and phone numbers.

ALSO READ: Facebook targets holiday shoppers; opens nine offline stores in the US

“Upon closer examination, I am inclined to believe that the database was not managed by AmEx itself but instead by one their subcontractors who were responsible for SEO or lead generation”, Diachenko said in a report by GBHackers.

Diachenko contacted American Express incident response team and they were quick to respond. The database was secured from public access. Also, the team confirmed there is no unauthorized access to the environment where the data resides.

Click here for Latest News updates and viral videos on our AI-powered smart news genie


Please enter your comment!
Please enter your name here