Data of American Express customers in India exposed

Posted date 14/11/2018

On 23 October 2018, security researcher Bob Diachenko discovered an unprotected MongoDB database belonging to an American Express branch in India. This data was accessible from the Shodan and BinaryEdge.io search engines.

Although most of the data was encrypted, there was a database containing 689,272 exposed records, including telephone numbers, names, e-mail addresses and a short description of the card used by the user.

The security researcher reported the discovery to the American Express incident team, who secured the database the same day and indicated that they did not discover any evidence of unauthorized access to the database.