Miracle leak exposes 11 million corporate messages

Miracle Software Systems left a MongoDB instance unprotected, exposing millions of messages between thousands of corporate users, some of which discussed corporate secrets.

Official documents are extremely sensitive, but corporate chat histories can be just as revealing, especially when millions of messages are involved. The Cybernews research team has recently discovered an open MongoDB instance with over 11 million Rocket.Chat messages between 3,062 users.

Rocket.Chat is an open-source collaboration platform that uses MongoDB as its default storage database, which sometimes leads to misconfigurations that expose data.

“Based on our analysis, the entire Miracle Software infrastructure, and potentially the assets of their clients, were compromised,” researchers said.

According to the team, the exposed database contained two gigabytes of text messages. Essentially, everything that employees and customers discussed via Miracle’s Rocket.Chat platform was exposed. Even a small data sample revealed that the leak exposed:

  • Internal and external company secrets
  • Plain-text passwords
  • Access details shared by Miracle’s employees

Our researchers believe that the MongoDB instance was open for at least three days around the turn of November and December and is no longer publicly available.

Data leaks of this magnitude pose severe risks to companies, as millions of corporate messages give malicious actors the means to compromise sensitive information, gain unauthorized access, and potentially exploit confidential company resources.

Sample of the leaked data. Image by Cybernews.

“The leaked data could facilitate targeted attacks resulting in a full system takeover, corporate espionage, and other malicious activities, posing serious risks to the company’s security and integrity,” researchers warn.

The team believes that this type of leak is a goldmine for ransomware gangs. These groups often target victims that offer the greatest potential for supply-chain attacks, a type of intrusion that lets attackers hit the victim’s clients down the line.

“Since there are a multitude of parties involved and a vast amount of credentials shared, a successful hit on this database could result in a domino effect for all of their partners. One good example of such a scenario is the MOVEit attacks of 2023,” the team said.

We have reached out to Miracle Software but did not receive an official comment before publishing.

Miracle Software is a US-based systems integration company with over 2,600 employees under its wing. The company claims to serve 42 Fortune 100 companies and lists IBM, Google Cloud, Microsoft, AWS, and others as its partners.
