A ride-hailing company operating in Iran left open and publicly available a database containing sensitive information about its drivers. In total, the MongoDB instance stored over 6.7 million records. The information included the driver’s first and last name, their Iranian ID number (the equivalent of the social security number), phone number and invoice date. The database was split into two invoice collections, one for 2017 – ‘invoice95’ with 740,952 records, and the other for 2018 – ‘Invoice96’ containing 6,031,317 records.
Source: https://www.bleepingcomputer.com/news/security/ride-hailing-company-exposes-sensitive-info-of-iranian-drivers/