ABBYY 'temporary data breach' exposed 200,000 scanned docs

By on
ABBYY 'temporary data breach' exposed 200,000 scanned docs

Database left open to internet.

ABBYY, a maker of optical character recognition software, left an AWS-hosted MongoDB containing 142GB of scanned documents open to the public internet.

Independent security researcher Bob Diachenko found the openly accessible MongoDB instance and said it was taken down by the company within two days of being notified.

However, Diachenko said in a LinkedIn post that “questions still remain as of how long it has been left without password/login, who else got access to it and would they notify their customers on the incident.”

ABBYY said in a statement to Diachenko that the “temporary data breach ... affected one of our customers.”

“We corrected this issue and appreciated your validation that the vulnerability noted was resolved,” it said.

“We have notified the impacted party and have taken a full corrective security review of our infrastructure, processes and procedures.  Our commitment to security and trust is extremely important.”

The open database contained 200,000 “contracts, NDAs, memos, letters and other internal documentation, properly OCR'd and stored”, according to Diachenko.

ABBYY provides a wide range of software and apps for digitising paper-based assets.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?