OnlineBloodBank Database - Leaked, Download!
by ahoytheremematies - October 28, 2019 at 08:02 AM
#1
Heart 
Hello RaidForums Community,
Today I have uploaded the OnlineBloodBank Database for you to download for free, thanks for reading and enjoy!


|Notes|
On the 22nd of January 2018, the blood donating website onlinebloodbank.com was breached because of a horrible security overlook where an admin directory with the donors list was publicly accessible. Only 1763 records from the 1.1 million have emails and this database/website was for Indian donors so keep that in mind.

Compromised data: Names, Email Addresses (1763), Dates of Birth, Gender, Blood Type, Telephone Numbers, Blood Center, Full Geographical Addresses

ContentsSpoiler
This data is provided in JSON format (see sample below), it was originally a bson file. The .7z File's MD5 Hash is 1A8AC10641B5CA66673E884C18D7C90B. Total record count of around 1128031.
{
        "_id": {
                "$oid": "5916cb9d0041b2052e8b4636"
        },
        "donor_name": "Mr.Phillip Sahoo",
        "donor_permanent_add": "",
        "donor_dob": "1989-04-03",
        "donor_gender": "M",
        "donor_mobile_no": "xxxxxxxx", (Redacted for Sample)
        "donor_telephone_no": "",
        "donor_email_id": "[email protected]", (Redacted for Sample)
        "bb_name": "CRCBB CUTTACK",
        "bb_city": "cuttack",
        "bb_pincode": "753007",
        "bb_address": "Blood Bank Compound\r\nMedical Road, Manglabag\r\nCuttack\r\nOdisha",
        "bb_contact_no": "06712302258",
        "donor_type_name": "Voluntary Donor(CAMP)",
        "district_name": null,
        "state_name": null,
        "blood_group_name": "O+ve",
        "source_name": "Blood bank Odisha",
        "present_pincode": null,
        "present_location": null,
        "present_district": null,
        "present_state": null
}
Downloads Hidden Content
You must register or login to view this content.

Reply
#2
Pretty appalling security on their behalf. Their site isn't even secure yet they're taking in such personal information from thousands of people, what's a bet that this went undetected. Good post OP!
Reply
#3
(October 28, 2019 at 08:10 AM)veinyboi Wrote: Pretty appalling security on their behalf. Their site isn't even secure yet they're taking in such personal information from thousands of people, what's a bet that this went undetected. Good post OP!

Came across this on a russian onion, so its probable.  Unsure of actual method of obtaining.  But, thank you nonetheless!
Reply
#4
(October 28, 2019 at 08:13 AM)ahoytheremematies Wrote:
(October 28, 2019 at 08:10 AM)veinyboi Wrote: Pretty appalling security on their behalf. Their site isn't even secure yet they're taking in such personal information from thousands of people, what's a bet that this went undetected. Good post OP!

Came across this on a russian onion, so its probable.  Unsure of actual method of obtaining.  But, thank you nonetheless!
When was this breached?
Reply
#5
(October 28, 2019 at 08:15 AM)veinyboi Wrote:
(October 28, 2019 at 08:13 AM)ahoytheremematies Wrote:
(October 28, 2019 at 08:10 AM)veinyboi Wrote: Pretty appalling security on their behalf. Their site isn't even secure yet they're taking in such personal information from thousands of people, what's a bet that this went undetected. Good post OP!

Came across this on a russian onion, so its probable.  Unsure of actual method of obtaining.  But, thank you nonetheless!
When was this breached?

It was posted 2 days ago.  Original date of the data says Jan** 2018 though.
Reply
#6
(October 28, 2019 at 08:13 AM)ahoytheremematies Wrote: Came across this on a russian onion

which one?
Reply
#7
(October 28, 2019 at 08:13 AM)ahoytheremematies Wrote:
(October 28, 2019 at 08:10 AM)veinyboi Wrote: Pretty appalling security on their behalf. Their site isn't even secure yet they're taking in such personal information from thousands of people, what's a bet that this went undetected. Good post OP!

Came across this on a russian onion, so its probable.  Unsure of actual method of obtaining.  But, thank you nonetheless!

This appears to be a leak that DataBreaches.net reported on in August.  See "Case 1" on https://www.databreaches.net/two-more-le...formation/.   

Looks like a lot of folks tried to get them to secure their data but they didn't.
Reply
#8
(October 28, 2019 at 11:57 AM)negativespace17 Wrote:
(October 28, 2019 at 08:13 AM)ahoytheremematies Wrote:
(October 28, 2019 at 08:10 AM)veinyboi Wrote: Pretty appalling security on their behalf. Their site isn't even secure yet they're taking in such personal information from thousands of people, what's a bet that this went undetected. Good post OP!

Came across this on a russian onion, so its probable.  Unsure of actual method of obtaining.  But, thank you nonetheless!

This appears to be a leak that DataBreaches.net reported on in August.  See "Case 1" on https://www.databreaches.net/two-more-le...formation/.   

Looks like a lot of folks tried to get them to secure their data but they didn't.

Didn't see that on initial quick look earlier.  Thanks for the link though, can confirm this appears to be that one indeed.
Reply
#9
(October 28, 2019 at 08:13 AM)ahoytheremematies Wrote: Came across this on a russian onion
which one?
Reply
#10
Thanks to both of you, used both links. Might be worth saving, seeing as it has birthdays & blood type, in case I get ready to croak & need a few quarts. lol !! Or I run into a Vampire needing a fix.
Reply
#11
(October 29, 2019 at 07:42 AM)craxon Wrote: Damn, I was literally forgotten about this  DB. I had this since long time.

I have not downloaded this data as I already have it, but I can confirm it by the count. It's exactly same from my json file.

So if anyone is curious how this was actually obtained, here is the link of original source. It has a bson file which we have to convert to json. Also some more data may be useful, may be not.

[Hidden Content]

It's the same exact data, mine is just extracted from the bson to json with bsondump.
Reply
#12
(October 28, 2019 at 08:13 AM)ahoytheremematies Wrote:
(October 28, 2019 at 08:10 AM)veinyboi Wrote: Pretty appalling security on their behalf. Their site isn't even secure yet they're taking in such personal information from thousands of people, what's a bet that this went undetected. Good post OP!

Came across this on a russian onion, so its probable.  Unsure of actual method of obtaining.  But, thank you nonetheless!

Im guessing this is a exposed mongoDB.
Can you link me the onion dump site in dms?
I need to build my collection lel.
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
Whitepages Database - Leaked, Download! Databases 9 2,277 38 minutes ago
Last Post: pascalhk
MGM Resorts Database - Leaked, Download! [Exclusive] TWV35 35 3,932 3 hours ago
Last Post: pavefoc149
Snapchat Database - Leaked, Download! Loki 233 72,605 5 hours ago
Last Post: XYZZsd

 Users browsing this thread: 1 Guest(s)