Breachroom by Templarbit
back to breaches overview

Kars4Kidsthe, the charity, had an unsecured MongoDB instance containing the information of over 21,000 donors

Parties Involvedkars4kids,
Disclosed PubliclyNovember 18, 2018
Initial Discoveryn/a
Leaked InformationEmail, Home Addresses, Phone Numbers, Vacation Vouchers
Attack VectorRansomware
November 12, 2018
Bob Diachenko,’s director of cyber risk research, earlier this month found the company’s MongoDB database on a server, wide open and without a password.
November 9, 2018
On Nov 3rd Bob Diachenko Director of Cyber Risk Research at and a senior advisor of found what appeared to be a publicly accessible MongoDB with personal details of 21,612 Kars4Kids donors and customers, plus super administrator password/login details.