A MogoDB server was leaked to the internet last week, stated security researcher Chris Vicker. After further research he concluded that it belonged to PG&E and the information found inside was standard for asset control systems, central hubs in which network and system staff keep a main database of details about hardware equipment and programs.
These types of servers are frequently found in large-scale enterprises, where the volume of computers can overwhelm even the very best sysadmin.
Vickery claims this particular server included information about over 47,000 computers from PG&E’s network. This involved regular PCs, virtual machines, servers, and all kinds of other equipment.
After the researcher informed PG&E about the breached server last Thursday, the corporation took it down, and quickly informed Vickery it was just a test machine with bogus information.
“Fictitious databases do not generally have areas specifically marked development, production, and enterprise,” Vickery replied to PG&E. “Fictitious databases do not generally have over 688,000 unique log record entries. This database did.”
The researcher currently has the copy of the database and will most likely hand it over to the US Department of Homeland Security for further analysis.
