ABBYY, a maker of optical character recognition software, left an AWS-hosted MongoDB database containing 142GB of scanned documents open to the public internet.
Independent security researcher Bob Diachenko found the openly accessible MongoDB instance and said the company took it down within two days of being notified.
However, Diachenko said in a LinkedIn post that “questions still remain as of how long it has been left without password/login, who else got access to it and would they notify their customers on the incident.”
ABBYY said in a statement to Diachenko that the “temporary data breach ... affected one of our customers.”
“We corrected this issue and appreciated your validation that the vulnerability noted was resolved,” it said.
“We have notified the impacted party and have taken a full corrective security review of our infrastructure, processes and procedures. Our commitment to security and trust is extremely important.”
The open database contained 200,000 “contracts, NDAs, memos, letters and other internal documentation, properly OCR'd and stored”, according to Diachenko.
ABBYY provides a wide range of software and apps for digitising paper-based assets.