A story like this pops up every year and preventing ransomware/mass-deletion of publicly exposed databases has proven to be very challenging to stop from happening. I mean, I wrote about this issue 5 years ago:
https://blog.shodan.io/its-the-data-stupid/
We've also sent the raw data to various database vendors for free but even for them it's difficult to reach out to customers to get it fixed. And then there's always the worry that you'll get shot as the messenger of bad news. We've had a lot more success in getting things taken offline when we already have some relationship with the organization or at least a mutual customer.
In the past, older versions of MongoDB were more public than newer versions but that isn't the case anymore based on what we're seeing right now:
https://beta.shodan.io/search/facet?query=product%3Amongodb&...
And in terms of Shodan, we crawl 24/7 (i.e. not waves) and update the search engine as the data is collected with a small delay (<1 hour) so anybody that gets real-time notifications (https://monitor.shodan.io) for their networks will see it before it shows up on the search index.