They (for a long time) were default-no-auth is why.
Someone in a semi-technical role started one up, dumped a bunch of data on it, and it got left publicly accessible.
The problem is for people to be aware of the leaks, they need to be thinking about security at all, and I'd wager in most cases of mongo-based leaks, that wasn't even a consideration of the people who set them up.
Someone in a semi-technical role started one up, dumped a bunch of data on it, and it got left publicly accessible.
The problem is for people to be aware of the leaks, they need to be thinking about security at all, and I'd wager in most cases of mongo-based leaks, that wasn't even a consideration of the people who set them up.