Over 4,000 insecure Elasticsearch servers have been hosting the point-of-sale malware Alina and JackPoS.

More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others.

Spiral Toys has filed a breach notification with the California Attorney General’s office informing them of the CloudPets data breach.

Voice messages from children sent through an internet-connected toy called CloudPets were stolen from an exposed MongoDB database, which has been wiped clean and the data held for ransom.

A sudden wave of attacks against insecure databases resulting in ransom demands points to wave of data hijacking attacks.

Insecure Hadoop and CouchDB installations are the latest attack targets of cybercriminals who are hijacking and deleting stolen data.

The news of the week is discussed, including the ShadowBrokers’ farewell, GoDaddy’s buggy domain validation issue, MongoDB ransoms, and the latest with St. Jude Medical.

Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom.

A database of 3.3 million Hello Kitty users tied to a 2015 breach surfaced over the weekend exposing thousands of minors to potential credential theft.

Open MongoDB databases are being targeted by criminals who are deleting the contents and asking for a ransom.