The huge database with 119GB of data was indexed by Shodan and was found by Bob Diachenko, Director of Cyber Risk Research at Hacken.
Shodan also labeled the database as compromised, and a readme file inside the database contained a ransom note.
The ransom note reads as follows:
"mail":"[email protected]","note":"14ARsVT9vbK4uJzi78cSWh1NKyiA2fFJf3","btc":"ALL YOUR INDEX AND ELASTICSEARCH DATA HAVE BEEN BACKED UP AT OUR SERVERS, TO RESTORE SEND 0.1 BTC TO THIS BITCOIN ADDRESS 14ARsVT9vbK4uJzi78cSWh1NKyiA2fFJf3 THEN SEND AN EMAIL WITH YOUR SERVER IP, DO NOT WORRY, WE CAN NEGOCIATE IF CAN NOT PAY"}}]}}
The researcher said that “the attackers are using a script that automates the process of accessing a database, possibly exporting it, deleting the database, and then creating the ransom note.”
However, the script failed and the database was not encrypted. The passwordless database appears to contain audit data from July 15th to Sept 19th, 2018.
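For defenders, the sequence the researcher describes (read, delete, then write a readme note) can be searched for in request logs. The following is an added example, not code from the researcher or the affected companies; it assumes a hypothetical reverse proxy in front of Elasticsearch that logs timestamp, client IP, method, path and status, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
# Constructed sample: access-log lines from a hypothetical reverse proxy in
# front of Elasticsearch (format: timestamp, client IP, method, path, status).
SAMPLE_LOG = """\
2018-09-19T03:10:01Z 198.51.100.7 GET /_cat/indices 200
2018-09-19T03:10:02Z 198.51.100.7 POST /audit-2018.09/_search?scroll=1m 200
2018-09-19T03:10:09Z 198.51.100.7 DELETE /audit-2018.09 200
2018-09-19T03:10:10Z 198.51.100.7 PUT /readme/_doc/1 201
2018-09-19T03:11:00Z 203.0.113.20 GET /_cat/indices 200
2018-09-19T03:12:00Z 203.0.113.20 POST /audit-2018.08/_search 200
2018-09-19T03:13:00Z 192.0.2.44 DELETE /tmp-index 404
"""

LINE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|DELETE|HEAD) (\S+) (\d{3})$")
NOTE_INDEX = re.compile(r"^/readme[^/]*(/|$)", re.I)  # readme-style index name

def classify(method, path):
    """Map one request to a stage of the read/delete/note sequence."""
    if method in ("GET", "POST") and ("/_search" in path or path.startswith("/_cat/")):
        return "read"
    if method == "DELETE" and not path.startswith("/_"):
        return "delete"  # deletion of a whole index, not of an internal endpoint
    if method in ("PUT", "POST") and NOTE_INDEX.match(path):
        return "note"
    return None

def find_wipe_and_note(log_text):
    """Return {client_ip: [stages]} for clients that read data, then deleted
    an index, then wrote to a readme-style index, in that order (2xx only)."""
    stages = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, ip, method, path, status = m.groups()
        stage = classify(method, path)
        if stage and status.startswith("2"):
            stages[ip].append(stage)
    wanted = ["read", "delete", "note"]
    hits = {}
    for ip, seen in stages.items():
        it = iter(seen)
        if all(step in it for step in wanted):  # ordered-subsequence test
            hits[ip] = seen
    return hits

if __name__ == "__main__":
    print(find_wipe_and_note(SAMPLE_LOG))
```

Only the first client in the sample completes all three stages in order; the failed delete from the third client is ignored because it did not return a 2xx status.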
Diachenko contacted FitMetrix and Mindbody, but initially there was no response: “Taking into account the size and sensitivity of data, we have decided to contact trusted journalists with whom we worked on several similar cases in the past, so they could reach out to the company via their ‘media channels’ and grab their attention.”
“Finally, after several notification attempts, Mindbody responded and the database was secured on October 10th,” the researcher said in the blog post.