The Cambridge Institute of International Education (CIEE) has secured a MongoDB database that exposed the details of over 600,000 international students studying in the US, along with data on 12,000 host families.

The student information contained details such as real names, contact emails, phone numbers, CIEE account details, CIEE account passwords, family information, and passport details.

The researchers found the data in a MongoDB database that featured no authentication on the root account, a common problem with older versions of MongoDB.


The database was found via Shodan

MacKeeper Security Research, the security team that found the database using Shodan, contacted CIEE so that the company would secure their data. The researchers didn’t get any answers, but with the help of a reporter, CIEE staff secured the database within an hour after receiving a phone call from the said reporter.

Besides the student information, the MacKeeper team also says they found detailed information on over 12,000 families that agreed to house international students.

For the host families, researchers found medical records, job information, emails, phones, birth dates, religious beliefs, living conditions, and more.

MacKeeper researchers also found reports on student conflicts, personal problems, and even internal CIEE communications.

CIEE is not the first educational institute to leak student information

The Cambridge Institute of International Education is a privately owned consulting firm based in Boston, USA, which helps private US high schools find recruit international students. The company says that, in the last six years, it has generated over $110 million in tuition fees for the high-schools it partnered with.

MacKeeper researchers also highlight that this isn’t the first time when the details of US students get spilled out in the open. In the last year, US universities leaked details for more than a million students.

According to MacKeeper, the list includes the Indiana University (146,000 leaked records), Butler University (200,000), North Dakota University (300,000), the University of Maryland (300,000), and more.

Screenshot of the exposed CIEE database

Screenshot of the exposed CIEE database

Let’s block ads! (Why?)

Related Posts

Facebook Comments

Return to Top ▲Return to Top ▲