License leak from ESET South Africa

The South African branch of the anti-virus company ESET allowed the leakage of user data, leaving the MongoDB database publicly available.

The database of 50 GB in size contained such information about acquired licenses, such as: user names, license keys, passwords to licenses, email addresses, more than 12 thousand license files.

In addition, there were white, black and gray lists of email addresses in the database, as well as user suggestions sent to technical support. In addition to all this, there were two administrative logins and hashed passwords to them.

The database was found through the search engine Shodan and was available both for reading and writing.
Freely accessible database was discovered on December 12 by security researcher Vladimir Dyachenko (Bob Diachenko), which he reported through Twitter .

On December 17th, this database was removed from open access, and ESET confirmed the incident:

Security Team Responsible This information has helped us prevent malicious exploitation of this vulnerability.

Regular news about individual cases of data leakage, promptly published on the channel Information Leaks .