Sex Sells! Spanish Chain of "Men's Clubs" Exposed Its Database - Security

mongodb

#1

The following collections were part of the database and contained extremely sensitive information, such as:

  • 3,350 girls full profiles , with real names, DOBs, nationality, scanned IDs (stored as base64 output right >in the database) and internal comments left by management, e.g.:
  • 4,636 customers comments , with IP, email, name, coordinates and user device characteristics.
  • Clubs turnover stats
  • Internal configuration details (encrypted admin passwords and logins)
  • And many more.