Hacker Held 22,900 MongoDB Databases to Ransom by Threatening to Report Firms for GDPR Violations!

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Hackers are once again finding unsecured MongoDB databases left exposed on the internet, wiping their contents, & then leaving a ransom note asking for a cryptocurrency payment for the data’s safe return.

ZDNet reports, that ransom notes have been left on almost 23,000 MongoDB databases that were  unprotected on the public internet, without a password.


Unsecured MongoDB databases being attacked by hackers is hardly new. In recent years security breaches involving exposed MongoDB installations have happened many times, affecting VerizonOCR software firm ABBYYdating websites, & others.

What makes this attack different is that the hacker threatens to ‘contact regulatory authorities if the victim does not pay up, to report them for a GDPR violation.

From an example shared by ZDNet, the ransom note asked for 0.015 Bitcoins (current prices about US $140) or data would be released, & the authorities informed.

Ransom Note

Part of the ransom note, which is in broken English, is as follows:

“All of your data is a backed up. You must pay 0.015 BTC to [REDACTED] 48 hours for recover it. After 48 hours expiration we will leaked & exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR & notify them that you store user data in an open form & is not safe. Under the rules of the law, you face a heavy fine or arrest & your base dump will be dropped from our server.”


If  a MongoDB database is wiped by a hacker & replaced with a ransom note, there are important points.

Will paying-up the ransom mean that you get your data back?

Almost certainly – no. The hacker may well have accessed 22,900 databases that were not properly secured online, but that is very different from actually having successfully exfiltrated what must be a large amount of data from so many servers.

There is no reason to believe that even if the data was copied by the hacker before it was wiped, that they will feel ‘duty-bound’ to return your data to you safely!

GDPR violation

Will you be reported for a GDPR violation?

It remains difficult to believe that a criminal hacker would make a GDPR complaint against victims, but, someone else might.

Those running a MongoDB database needs to ensure that they have set it up securely, & not left it open for havoc.


Despite MongoDB coming with security features, & providing a checklist for administrators to properly keep their databases out of the reach of unauthorised parties, breaches continue to happen.

The tools are in place, the information about how to use the tools is available, all that is needed is for system administrators to know that they need to fix their database security as a matter of upmost priority, or potentially be the next damaging hack.

Virtual Conference August


More To Explore

Community Area


Home Workouts


spaghetti Bolognese