A website builder owned by a top Russian hosting provider has leaked millions of records with private user data.
Uid.me is a website builder created by the Russian tech company uCoz. Headquartered in Moscow, uCoz provides web hosting and allows users to build their own websites with its built-in content management system. uCoz is among the top sites for Russian-speaking users according to web traffic analysis company Alexa Internet Inc.
Cybernews research showed that more than 54 million uID.me users’ profiles were exposed to the public, dating from 2012 up to the present. The leak was caused by a misconfiguration on MongoDB, a document-oriented database platform, that left Uid.me data publicly accessible.
The exposed data included user contact details (email/phone), dates of birth (DOB), names, locations, user names and IDs, IP addresses, and timestamps. Furthermore, the database revealed password hashes, authentication hashes, secret answers, last visitor IPs, biographies, social media profiles, and links to photos.
According to cybersecurity researcher Bob Diachenko, the data was up for grabs on the internet for approximately a week until the company secured the database.
“With access to this comprehensive dataset, threat actors could conduct various malicious activities, including identity theft, phishing attacks, social engineering schemes, unauthorized access to accounts across multiple social media platforms, and potentially compromising individuals' online security and privacy,” says Diachenko.
The company has yet to respond to a Cybernews request for an official comment.
Your email address will not be published. Required fields are markedmarked