#MongoDB - A dumpster fire of cry laughter

Thankfully, a lot of interest is on MongoDB over the past few weeks. It's not a new problem, however, the more people reporting on it the more C-level people will ask the question of 'where is my MongoDB?'

John Matherly originally wrote about this in 2015 This entry has since been resurrected and will no doubt be again resurrected in another 12 months. A significant media outlet are taking note in this extortion practice and for me, whilst painful for the victims this is simply part of the stratagems associated with online survival.

There are circumstances in which you must sacrifice short-term objectives in order to gain the long-term goal. This is the scapegoat strategy whereby someone else suffers the consequences so that the rest do not.
— https://en.wikipedia.org/wiki/Thirty-Six_Stratagems#Sacrifice_the_plum_tree_to_preserve_the_peach_tree

So, with this in mind. Let's take a look at the data currently available as of 05/01/17. Data will be redacted, I don't want the responsibility of dealing with the consequences if they are eventually extorted.

  •  Job Site

IP address, location, current job title

  • Health data 

Passwords, DOB, Weight, Height, Phone number, Diabetic status, last login IP


  • An android .APK backend for tracking users of a Satellite app

Some further data included, Network type, IE: 3G, 2G