Pre-breach radar

Exposed Data-Stores Radar

We continuously scan the public internet for databases — MongoDB, Elasticsearch, Redis, CouchDB, Memcached, Kibana and more — that are open with no password. No exploit is needed: anyone who finds one can read, copy, or delete everything in it. We detect these passively from Shodan’s public banner data — we never connect to them.

  • 731 databases open to the internet with no password
  • 8 database engines affected

Why this is a risk

An open, unauthenticated database is an open door — not a vulnerability that needs an exploit, just data sitting exposed:

  • Anyone can read, copy, or delete the data — customers, criminals, or automated bots.
  • Ransomware crews scan for exactly this: they connect, exfiltrate, wipe the data, and leave a ransom note. The “Meow” attacks destroyed thousands of open databases this way.
  • It is one of the most common root causes of mass data breaches — no zero-day required.

By engine — and what's at stake

  • Redis: 106 (typically holds caches, sessions, queues, tokens)
  • ClickHouse: 100 (typically holds analytics & event data)
  • InfluxDB: 100 (typically holds time-series & metrics)
  • Kibana: 100 (typically holds a window into an Elasticsearch cluster)
  • Memcached: 100 (typically holds cached objects & session data)
  • Neo4j: 100 (typically holds graph data & relationships)
  • Cassandra: 78 (typically holds large-scale application data)
  • CouchDB: 47 (typically holds application documents)

By country

  • China: 204
  • United States: 131
  • Germany: 71
  • Singapore: 39
  • France: 35
  • India: 19
  • Japan: 19
  • Russian Federation: 19
  • United Kingdom: 18
  • Netherlands: 17

Are you exposed?

Check whether your infrastructure has an open data store or other exposure — a free, passive scan of your own internet-facing surface, no signup.


How it works

How do you know it's actually unauthenticated?

Each engine’s banner only returns server info / data when no auth is enforced (e.g. an open Redis answers INFO; a locked one returns a NOAUTH error). We infer the open state from that already-public Shodan banner — we never connect to or query the database ourselves.
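The Redis case above, as an added example (not the radar's own code): it classifies banner text that has already been collected, for instance an export covering your own address space, and reports aggregate counts only. The host labels and banner strings are constructed samples, and the protected-mode state is an addition beyond the two states the answer names.

```python
import re
from collections import Counter

# Constructed sample banners, shaped like the text a scan index stores for a
# Redis port. None of these come from a real host.
SAMPLE_BANNERS = {
    "host-a": "# Server\r\nredis_version:6.2.6\r\nredis_mode:standalone\r\nos:Linux\r\n",
    "host-b": "-NOAUTH Authentication required.\r\n",
    "host-c": "-DENIED Redis is running in protected mode because protected mode is enabled\r\n",
    "host-d": "HTTP/1.1 400 Bad Request\r\n\r\n",
}

# A successful INFO reply carries "key:value" fields; redis_version is always present.
_INFO_FIELD = re.compile(r"^redis_version:\d+(\.\d+)*\s*$", re.MULTILINE)


def classify_redis_banner(banner: str) -> str:
    """Infer the auth state of a Redis service from stored banner text alone."""
    text = banner.lstrip()
    # Error replies start with "-"; check them first so a refusal is never
    # mistaken for an open instance.
    if text.startswith("-NOAUTH"):
        return "auth-required"      # requirepass / ACL enforced
    if text.startswith("-DENIED"):
        return "protected-mode"     # no password set, but remote clients refused
    if _INFO_FIELD.search(text):
        return "open"               # INFO answered without credentials
    return "unknown"                # not recognisably Redis, or truncated


def summarize(banners: dict) -> dict:
    """Aggregate counts per state; host identifiers are not part of the result."""
    return dict(Counter(classify_redis_banner(b) for b in banners.values()))


if __name__ == "__main__":
    for state, count in sorted(summarize(SAMPLE_BANNERS).items()):
        print(f"{state}: {count}")
```

A "protected-mode" result still means no password is configured, so it belongs in the remediation queue even though remote clients are currently refused.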

Is this passive and legal?

Yes — it’s read-only threat intelligence over public banner data (the same data class as Shodan, Censys, Shadowserver). We never authenticate, query, read, or modify any database.

Why don't you list the IPs?

Publishing open-database IPs would be a target list for attackers. We keep host details private for responsible disclosure to affected organisations and publish only aggregate counts. (Use the scanner above to check your own exposure.)

Aggregates only. Passive, read-only detection from public Shodan banners; host IPs withheld; affected organisations notified via responsible disclosure. Updated Sun, 07 Jun 2026 12:12:15 GMT.