Stories
Slash Boxes
Comments

SoylentNews is people

Open MongoDB Database Exposes Mobile Games Money Laundering Operation

posted by mrpg on Thursday July 19 2018, @04:33AM   Printer-friendly
from the hack-the-planet-hack-the-DB dept.

MrPlow writes:

Submitted via IRC for BoyceMagooglyMonkey

The US Department of Justice, Apple, and game maker Supercell, have been warned of a money laundering ring that uses fake Apple accounts and gaming profiles to make transactions with stolen credit/debit cards and then sells these game premiums on online sites for the group's profit.

This operation came to light in mid-June when security researchers from Kromtech Security came across a MongoDB database that had been left exposed online without authentication.

"As we examined the database we rapidly became aware that this was not your ordinary corporate database," said Kromtech researcher Bob Diachenko.

"This database appeared to belong to credit card thieves (commonly known as carders) and that it was relatively new, only a few months old," he added.

Source: Open MongoDB Database Exposes Mobile Games Money Laundering Operation

Original Submission

 
This discussion has been archived. No new comments can be posted.
Open MongoDB Database Exposes Mobile Games Money Laundering Operation | Log In/Create an Account | Top | 11 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Redundant) by c0lo on Thursday July 19 2018, @04:57AM (6 children)

    by c0lo (156) Subscriber Badge on Thursday July 19 2018, @04:57AM (#709219) Journal

    Open MongoDB Database Exposes Mobile Games Money Laundering Operation

    Just from curiosity, what's the relevance of the fact the info was stored by a MongoDB?

    For instance: is it an aggravating factor, like in "MongoDB is the database of choice for hackers"? Or, on the contrary, is it like "A good thing the info was stored in a MongoDB, with a plain text storage it may have been a catastrophe"?

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Moderation   -1  
       Redundant=1, Total=1
    Extra 'Redundant' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   1  

  • (Score: 4, Insightful) by Mykl on Thursday July 19 2018, @05:26AM (1 child)

    by Mykl (1112) on Thursday July 19 2018, @05:26AM (#709223)

    Just from curiosity, what's the relevance of the fact the info was stored by a MongoDB?

    Who cares? I'm more interested in whether it was powered by Blockchain!

    • (Score: 0) by Anonymous Coward on Thursday July 19 2018, @11:54PM

      by Anonymous Coward on Thursday July 19 2018, @11:54PM (#709678)

      But does Blockchain web-scale? MongoDB web scales [youtube.com].

      Aha the classics...

  • (Score: 2) by ewk on Thursday July 19 2018, @08:01AM

    by ewk (5923) on Thursday July 19 2018, @08:01AM (#709267)

    Wasn't MongoDB the one that (with some (hopefully older) versions?) installed itself (in the default configuration) with password-less admin-access?

    --
    I don't always react, but when I do, I do it on SoylentNews

  • (Score: 3, Informative) by takyon on Thursday July 19 2018, @01:01PM

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Thursday July 19 2018, @01:01PM (#709351) Journal

    https://kotaku.com/criminals-are-using-clash-of-clans-to-launder-money-ne-1827698965 [kotaku.com]

    Kromtech’s investigation started with a popular database-building software called MongoDB. For years, poor configurations allowed hackers to connect to and collect data from tens of thousands of MongoDB databases. Analyzing samples from one database, Kromtech happened upon these Clash of Clans criminals, who stored over a hundred thousands credit cards there. Those numbers, Diachenko presumed, were mined from other data breaches.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]

  • (Score: 1, Funny) by Anonymous Coward on Thursday July 19 2018, @02:32PM (1 child)

    by Anonymous Coward on Thursday July 19 2018, @02:32PM (#709415)

    MongoDB is web-scale!