Researchers recently uncovered an unprotected MongoDB database belonging to IDMerit, a KYC (Know Your Customer) verification provider.