Millions affected in major health data breach caused by a missing password

According to Cybernews, the database contained sensitive information on more than five million people, leaking things like names, ethnicity, nationality, religion, blood type, birth dates, gender, phone number, email address, CURP (Mexican personal identification number), expenses, hospitals visited, and payment request descriptions.

Shift in tactics

Kibana is an open source data visualization and exploration tool. It is used for analyzing and visualizing log data stored in Elasticsearch, a distributed, open-source search and analytics engine, commonly used for indexing and querying large volumes of data in real time.

Unprotected and poorly managed databases remain one of the key causes of data leaks, and this instance contained more than enough information to help threat actors mount identity theft, phishing, and possibly even wire fraud.

Luckily, health records or payment data were not exposed, however Cybernews stressed the CURP numbers are “a particular cause of concern”, since they are the Mexican counterpart to the US Social Security Number.

The database has subsequently been locked down, but it's not known for how long it remained open, or if someone found it before the researchers. We also don’t know if the victims have already been notified about the breach or not.

More from TechRadar Pro

• Mystery database containing sensitive info on 762,000 car-owners discovered by researchers
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now