- Cybergenw’s researchers find unsecured Mongodb database containing millions of dental assignments and appointments
- It probably belonged to a “Dental Marketing Specialist” agency
- Users must be on their guard against possible attacks
A massive database containing personally identifiable information and other items belonging to millions of US citizens sat unprotected on the Internet, easily achievable to anyone who knew where to see, experts have warned.
CyberSecurity scientists on Cygenerws Discovered the archive at the end of March 2025 and found that it contained approx. 2.7 million patient profiles and 8.8 million agreements.
The data contained people’s names, birth dates, e emails, mailing addresses, telephone numbers, gender information, diagram -ids, language preferences, invoicing details and contract registers (including patient metadata, timestamp and institutional references).
Gargle
Cybergenws could not confirm its owner, but says that “clues buried in the database” point to Gurgle, a digital marketing company describing itself as “specialists in dental marketing” that offer services such as site design, SEO, content marketing, PPC management and advertising.
“Although not even a healthcare provider, Gurgle’s business model depends on dealing with patient -facing infrastructure and in this case possibly patient data,” Cybergenws explained.
Other details are scarce – it is not known if Gurgle really handled the database or had a third party to do so. We also do not know how long the archive remained unlocked, and if any malicious actors found it before Cybergenws – even though we know it was locked down the same day, it was discovered.
Unsecured databases continue to be one of the most common causes of data leaks. Many security researchers warn that organizations do not understand that security in the cloud is working on a model of shared responsibility.
