Another week, another leak [bleepingcomputer.com]:
A misconfigured MongoDB server belonging to Abbyy, an optical character recognition software developer, allowed public access to customer files.
Independent security researcher Bob Diachenko discovered the database on August 19 hosted on the Amazon Web Services (AWS) cloud platform. It was 142GB in size and it allowed access without the need to log in.
The sizeable database included scanned documents of the sensitive kind: contracts, non-disclosure agreements, internal letters, and memos. Included were more than 200,000 files from Abbyy customers who scanned the data and kept it at the ready in the cloud.
"Some collection names like 'documentRecognition,' or 'documentXML' hinted that database would be part of a data recognition company infrastructure," Diachenko writes in a blog post [linkedin.com] today.
[...] Volkswagen, Deloitte, PwC, PepsiCo, Sberbank, McDonald's are just a few of Abbyy's clients.
Should have used invisible ink.