In a recent turn of events, Glosbe, a prominent online dictionary platform, has found itself at the centre of a significant data leak. The breach, stemming from an exposed and unprotected MongoDB server, has put the personal information of nearly seven million users at risk.


What caused the data leak?

MongoDB, a widely-used database system favoured by businesses for its ability to manage vast amounts of document-oriented data, occasionally falls victim to misconfigurations. Unfortunately, such oversights can result in sensitive data becoming easily accessible to the public.

Upon discovering the publicly accessible database, the team promptly reported their findings. However, Glosbe failed to respond to these responsible disclosure reports. It wasn’t until the exposed server was brought to their attention that measures were taken to secure and close it.

The data exposed in this breach encompassed a plethora of personal details, including encrypted passwords, social media identifiers, and additional user information. Unfortunately, the duration for which the database remained unprotected remains unclear. Consequently, it’s impossible to confirm whether malicious actors were able to locate and export the compromised data.

This breach not only jeopardizes the privacy and security of millions of Glosbe users but also exposes them to various risks, including identity theft, phishing attacks, and unauthorized account access. This highlights the danger of such leaks, no matter the size of the organisation/business. Not only does this damage the reputation of Glosbe, but it also may lead to action being taken by the GDPR. This is why now, more than ever, enhanced Cyber Security practices are needed, and efficient employee training is crucial to avoiding accidental leaks.


The aftermath?

No comment has been provided by Glosbe yet. It is safe to assume though, that it will not end positively. 

Another lesson to learn here is the fact that no one is safe online. It doesn’t have to be a bank website for malicious users to launch cyber attacks, this is the perfect example.

We hope you’ve liked this blog and that you’ll stick around to see our future releases. We cover everything from recent IT News to Knowledgebase articles. Thanks for reading!