According to the report, the Hacken cyber consultancy team’s director of cyber risk research, Bob Diachenko, discovered the unprotected database on Oct. 25, and told The Next Web that it included customer names, phone numbers, addresses, PAN numbers and Aadhaar IDs.
Diachenko said the database was mostly encrypted, but that certain data sets included readable data. The largest had 689,272 records available in plain text, noted the report. The researchers said the Amex MongoDB database had been available on BinaryEdge – a popular list of exposed databases – since Oct. 20, but potentially even longer.