Transerve became a victim of a data breach that affected all the collections. These included ‘registered users’ and ‘users’, which contained references and emails with the ‘transerve.com’ domain, as well as hashed passwords and usernames for administrator access.
The most detailed information was in the ‘Individuals’ collection, which was basically a pretty detailed portrait of a person, including Aadhaar numbers, voter card numbers, health conditions, education, etc.
It remains unknown how long the database was online and whether anyone else accessed it. Such attacks can occur because the MongoDB database is remotely accessible and not properly secured.
Source: https://securitydiscovery.com/delhi-citizens-data-leak/
TPRM report: https://scoringcyber.rankiteo.com/company/transervetech
"id": "tra41616223",
"linkid": "transervetech",
"type": "Breach",
"date": "02/2019",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'name': 'Transerve', 'type': 'Organization'}],
'attack_vector': 'Unsecured MongoDB database',
'data_breach': {'data_encryption': 'Hashed',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Highly Sensitive',
'type_of_data_compromised': ['Aadhaar numbers',
'voter card numbers',
'health conditions',
'education',
'hashed passwords',
'usernames']},
'description': 'Transerve became a victim of a data breach that affected all '
'the collections, including ‘registered users’ and ‘users‘ '
'contained references and emails with the ‘transerve.com‘ '
'domain, as well as hashed passwords and usernames for '
'administrator access. The most detailed information contained '
'in the ‘Individuals’ collection was basically a pretty '
'detailed portrait of a person, incl. Aadhaar numbers, voter '
'card numbers, health conditions, education, etc. It remains '
'unknown just how long the database was online and if anyone '
'else accessed it, these attacks are able to occur because the '
'MongoDB database is remotely accessible and not properly '
'secured.',
'impact': {'data_compromised': ['registered users', 'users', 'Individuals'],
'systems_affected': ['MongoDB database']},
'initial_access_broker': {'entry_point': 'MongoDB database'},
'post_incident_analysis': {'root_causes': 'Improperly secured MongoDB '
'database'},
'title': 'Transerve Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Improperly secured MongoDB database'}