- Cybernews researchers find unsecured MongoDB database containing millions of dental user records and appointments
- It most likely belonged to a “dental marketing specialist” agency
- Users should be on their guard against possible attacks
A massive database containing personally identifiable information and other records belonging to millions of US citizens was sitting unprotected on the internet, easily obtainable for anyone who knew where to look, experts have warned.
Cybersecurity researchers at Cybernews discovered the archive in late March 2025, finding it contained roughly 2.7 million patient profiles and 8.8 million appointment records.
The data included people’s names, dates of birth, emails, postal addresses, phone numbers, gender information, chart IDs, language preferences, billing details, and appointment records (including patient metadata, timestamp, and institutional references).
Gargle
Cybernews couldn’t confirm its owner, but says that “clues buried in the database” point toward Gargle, a digital marketing company that describes itself as “specialists in dental marketing”, offering services such as website design, SEO, content marketing, PPC management, and ad creation.
“While not a healthcare provider itself, Gargle’s business model relies on handling patient-facing infrastructure, and in this case, possibly patient data,” Cybernews explained.
Other details are scarce – it’s not known if Gargle really handled the database, or had a third party do it. We also don’t know for how long the archive remained unlocked, and if any malicious actors found it before Cybernews – although we do know that it was locked down the same day it was discovered.
Unsecured databases remain one of the most common causes of data leaks. Many security researchers are warning that organizations don’t understand that security in the cloud works on a model of shared responsibility.
Leave a comment