1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exposed database allowed read/write access to Microsoft's career portal

Discussion in 'CSO' started by RSS, Feb 13, 2016.

  1. RSS

    RSS New Member Member

    A jobs portal used by Microsoft applicants had a misconfigured MongoDB installation that exposed some information and enabled read/write access to the website. The database was quickly secured, but the incident highlights the importance of monitoring and verification when it comes to third-party development projects.

    The misconfigured MongoDB installation was discovered by Chris Vickery.

    Vickery has worked with Salted Hash on a number of stories [1], and he recently started working with Kromtech as a security expert not long after he discovered 13 million MacKeeper accounts in a misconfigured database late last year.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page