Glosbe online dictionary leaks 7M users data via exposed database

Glosbe, a large online dictionary platform, has experienced a significant data leak due to an exposed unprotected MongoDB server. MongoDB, a popular database system used by businesses to manage extensive volumes of document-oriented information, can sometimes be misconfigured, resulting in public access to sensitive data.

The security oversight led to the unauthorized disclosure of personal information belonging to nearly seven million users.

The breach was identified by the Cybernews research team in late December 2023 when they discovered the publicly accessible database. Glosbe did not respond to responsible disclosure reports, but the exposed server was subsequently secured and closed.

The data exposed in the breach included a wide array of personal details such as:

• encrypted passwords,
• social media identifiers,
• additional user information.

No details are available about how long was the database exposed unprotected. It can't be confirmed whether malicious actors have found and exported the database.

This incident places millions of Glosbe users at risk of identity theft, phishing attacks, and unauthorized account access, severely compromising their privacy and security.