Last updated September 17, 2021
Researcher Bob Diachenko has discovered three accessible and unprotected MongoDB instances belonging to the popular Mexican online bookstore “Librería Porrúa”. This is the second time in three months that the same entity has leaked data: the same thing happened back in July 2019, exposing about 2.1 million records that included 960k customer profiles. That incident was also discovered by Diachenko, and the contents of the database were wiped by hackers who locked it down and demanded the payment of a ransom.
It seems the Mexican bookstore wasn’t shaken by this event and moved on to creating a new database to work with. Apparently, they again left it exposed by not setting up a password, and they copied over the ransom notices from the previous event, which asked for a ransom of 0.05 Bitcoin. The customer information that was exposed for a second time includes the full names of the clients, their physical addresses, their email addresses, their phone numbers, and their authorization tokens for accessing the online bookstore.
This time, the records that concern customer profiles number just over a million, so the new database contains about 61k more entries than last time. The deduction from this is that the database is a live production one, used by Librería Porrúa for their online sales. The difference this time was how long the bookstore took to respond to Diachenko’s notification, as it only took them 24 hours to secure the database. Still, it’s almost comical that they managed to blunder again in such a short period of time.
Librería Porrúa is a historic entity in Mexico, selling and publishing books since 1910. Today, they operate more than 60 commercial libraries throughout the country, so they are a renowned and trusted retailer. As these recent events prove, however, no one can be trusted, especially companies that have back-to-back failures in protecting not only their client data but also their own technical infrastructure. If you have bought a book from this online bookstore, you should reset your credentials immediately. Librería Porrúa is unlikely to send notifications or publish an official warning about the incident, as they didn’t do that last time either.
Will you be trusting Librería Porrúa with your personal data again? Let us know in the comments down below, or join the discussion on our socials, on Facebook and Twitter.