Petco Mexico (@Petco) had a ‘cyber security’ incident as a result of MongoDB misconfiguration issue, with PII of its customers exposed in the wild for 24h+ at least. Order detail, phone, email, name : 3.8M+ records. Luckily, quickly addressed after my resp. disclosure. No comment though.

It is unclear if customers or authorities were informed of the exposure or who else may have had access to these records. We imply no wrongdoing or that customers were at risk and only publish our findings for educational and information purposes.

About The Author