Miracle Software Systems left an unprotected instance, exposing millions of messages between thousands of corporate users, some of which discussed corporate secrets.
Even though official documents are extremely sensitive, corporate chat histories can be just as revealing, especially when millions of messages are involved. Meanwhile, the Cybernews research team has recently discovered an open MongoDB instance with over 11 million Rocket.Chat messages between 3,062 users.
Rocket.Chat is an open-source collaboration platform that uses MongoDB as its default storage database, sometimes leading to data-exposing misconfiguration accidents.
“Based on our analysis, the entire Miracle Software infrastructure, and potentially the assets of their clients, were compromised,” researchers said.
According to the team, the exposed database contained two gigabytes of text messages. Essentially, everything that employees and customers discussed via Miracle’s Rocket.Chat platform was exposed. Only a small data sample revealed that the leak exposed:
- Internal and external company secrets
- Plain-text passwords
- Access details shared by Miracle’s employees
Our researchers believe that the MongoDB instance was open for at least three days in the junction between November and December and is no longer publicly available.
Data leaks of this magnitude pose severe risks to companies, as millions of corporate messages provide malicious actors with the means to compromise sensitive information, conduct unauthorized access, and potentially exploit confidential company resources.
“The leaked data could facilitate targeted attacks resulting in a full system takeover, corporate espionage, and other malicious activities, posing serious risks to the company’s security and integrity,” researchers warn.
The team believes that this type of leak is a goldmine for ransomware gangs. These groups often target victims who have the biggest potential to allow for supply-chain attacks, a type of intrusion that allows hitting the victim’s clients down the line.
“Since there are a multitude of parties involved and a vast amount of credentials shared, a successful hit on this database could result in a domino effect for all of their partners. One good example of such a scenario is the MOVEit attacks of 2023,” the team said.
We have reached out to Miracle Software but did not receive an official comment before publishing.
Miracle Software is a US-based systems integration company with over 2,600 employees under its wing. The company claims to serve 42 Fortune 100 companies and lists IBM, Google Cloud, Microsoft, AWS, and others as its partners.
More from Cybernews:
Subscribe to our newsletter