Kars4Kidsthe, the charity, had an unsecured MongoDB instance containing the information of over 21,000 donors

Sourcehttps://techcrunch.com/2018/11/13/kars4kids-data-breach/

Parties Involvedkars4kids,

Severity

Medium

Disclosed PubliclyNovember 18, 2018

Initial Discoveryn/a

Leaked InformationEmail, Home Addresses, Phone Numbers, Vacation Vouchers

Attack VectorRansomware

Tags

November 12, 2018

1-877-KARS4KIDS had a data breach

Bob Diachenko, Hacken.io’s director of cyber risk research, earlier this month found the company’s MongoDB database on a server, wide open and without a password.https://techcrunch.com/2018/11/13/kars4kids-data-breach/

November 9, 2018

Children’s charity Kars4Kids leaks info on thousands of donors, internal passwords online, and evidence of a ransom attack.

On Nov 3rd Bob Diachenko Director of Cyber Risk Research at Hacken.io and a senior advisor of SecurityDiscovery.com found what appeared to be a publicly accessible MongoDB with personal details of 21,612 Kars4Kids donors and customers, plus super administrator password/login details.http://securitydiscovery.com/kars4kids-data-leak/