by Anna Mulamba
Someone forgot to close the figurative "door." A third-party vendor affiliated with CenturyLink misconfigured a MongoDB database leaving it open and accessible to the public for about 10 months.
CenturyLink, a Fortune 500 technology company, was alerted by a security research firm that approximately 2.8 million records were left unprotected and vulnerable to potential misuse. Included in the affected database were API logs containing multiple pieces of personally identifiable information (PII), including names, email addresses, phone numbers, and addresses, along with account-specific information.