Large online dictionary leaks nearly 7M records

Glosbe, the biggest online dictionary, left a server exposed to the public, revealing personal data, encrypted passwords, social media identifiers, and other details of nearly seven million users.

Glosbe left an open MongoDB server, exposing millions of its users, the Cybernews research team has discovered.

Businesses employ MongoDB to organize and store large swaths of document-oriented information. MongoDB server misconfigurations sometimes leave instances accessible to the public, revealing vast amounts of sensitive data.

The team discovered the open database in late December 2023 and contacted Glosbe. While the organization did not reply to the team, the open instance was closed.

glosbe data leak sample
Sample of the leaked data. Image by Cybernews.

We contacted Glosbe for official comment about the leak but did not receive a reply before publishing this article.

According to our researchers, the open instance included a collection of Glosbe’s user records, including:

“The leaked information exposes users to severe risks, enabling threat actors to engage in identity theft, conduct phishing attacks, and gain unauthorized access to accounts, posing a grave threat to individuals’ privacy and security,” researchers warned.

Glosbe is a multilingual dictionary that claims to cover all languages. The service, much like Wikipedia, is developed by the members of its community.