AMEX blunder left thousands of Indian customers’ personal info unsecured

A database belonging to American Express India was accessible to anyone for more than five days during October. The unprotected database, which was discovered by Hacken cyber consultancy team’s director of Cyber Risk Research,  Bob Diachenko on October 25, contained Amex customer names, phone numbers, addresses, PAN numbers, and Aadhaar IDs. Diachenko notes the database was mostly encrypted, but several collections hosted on ‘american expressindia.coin’ also contained readable data. The largest of those had 689,272 records available in plain text. The researcher says Amex’s MongoDB database was available on Binaryedge – a popular list of exposed databases – since at least October…

This story continues at The Next Web

from The Next Web https://ift.tt/2OttovL