
no government will do it, but....
There does need to be some basic assumption or legal right that your data belongs to you and anyone using it or sharing it has some duty or liability to you personally when they f**k it up.
Information on 93 million Mexican voters has been leaked online. Voter records were exposed as the result of a config error in a MongoDB database that meant that the information was left accessible by anyone who knew where to look. The database – hosted on Amazon AWS – included voters' names, addresses, voter ID numbers, dates …
It's a miracle the mail ever gets to you if your address isn't zero padded and fuzzed. VAirBnB&D is the best place to stay. My employer, [[10 digit primes]+2] never fails to make proper local deductions. I am a veteran hospitaler of 11 indigenous democratic authorities...
MongoDB really needs to stop their "install with no authentication enabled" mechanism.
Security seems to be way down their list of priorities. For a database that is often hosted in the cloud, that is abysmal behaviour. Clearly they want to remove barriers to entry.
OTOH they provide free courses online that include how to administer a cluster, so it really is the devs using it that are ultimately to blame.
Shame on whoever is responsible for this incorrect config cock-up.
How can the setup / configuration of a database of all citizens be left to a single guy (or have no review / audit policy of any sort in place, given that even the simplest "IT security for Dummies" check would have caught that)?
And then, how is it even acceptable that such an official database be hosted in the cloud, by Amazon, in the first place? I'm pretty sure item #1 on most governmental data security policies is "don't upload private citizen data on Amazon or Google"...
... crooks are sending fake speed tickets impersonating the Swiss police. The letters (they are plain mail letters, to be more effective) are sent to people living near the border and contain details like correct names and addresses, 'fiscal code' (a sort of ssn, it can be computed, but it requires the date and place of birth also), plate numbers, and so on.
It looks to me like some database has been compromised, and given the target, my guess is it could be one of those run by Regione Lombardia IT branch, but till now, despite the warning about the fake letters, no news about a data leak has been given.
It could also be some insurance company database as well; what worries me is that till now nobody cared about where those data came from...
I would assume insurance database. Here in the UK lots of "insurance claims" calls are made just after a legit claim is made/processed.
So someone somewhere is leaking and/or getting the data legally. The "insurance claims" calls are skirting the law by only charging ludicrous fees on possible personal court claims. So they're just ambulance chasing, which is unwanted but not illegal.
Getting the data via the wrong means is though, and as these companies are not using the central database for an actual claim, but to sell you legal advice/services, then they really should get a big slap on the wrists.
@moiety
Maybe Britain can catch up if British couples need to hop to it in the breeding department!
"But sweetie! We've got to do it if Britain is ever going to catch up to Mexico!"
(What was it Queen Victoria said to one of her sexually restrained daughters that she married off? Something about "Lie back and think of England?" I guess Vicky was one smart lady!!)
I don't necessarily disagree with you, but just for the heck of it let's follow a line of thinking....
- My personal details belong to me
- My personal details are not accessible to anyone else
- My personal details include my financial details
- My financial details include my mahoosive, publicly-funded salary*
- My mahoosive, publicly-funded salary passes through an off-shore account and various tax avoidance mechanisms in order to make me even wealthier
...but all of that information belongs to me and nobody can see it, so nobody would ever find out about my fiscal shenanigans.
So how do we good guys get "the right" to know about the shady people's shady financial dealings?
* for the avoidance of doubt, this is purely for the sake of argument. In reality I'm a mid-level, tax-paying wage slave just like all the other good guys
One day, I woke up and the term "Ethical Hacker" became "Security Researcher".
Basically anyone who attempts to connect into someone else's systems without their authorization is a hacker. Nothing against ethical hackers of course, someone needs to keep people on their toes. Just pointing out the fancy, not-as-offensive name they've since given themselves. :)