Research Shows 19 Petabytes of Data Exposed Across 29,000+ Unprotected Databases

 

Researchers from CyberNews discovered that over 29,000 databases across the world are completely unprotected and publicly accessible, exposing over 19,000 terabytes of data to everyone, including threat actors.

The majority of businesses keep confidential data in databases. Passwords, usernames, document scans, health records, bank account and credit card information, and other vital information are all easily searchable and stored in one location.

To steal all that valuable data, attackers don't always need to hack anything: one of the most common causes of a breach is a database that has been left unsecured, allowing anyone to access the data without a username or password. Hundreds of millions of people's personal information can (and often does) become exposed on the internet as a result of database security flaws, allowing threat actors to exploit that data for a variety of malicious purposes, including phishing and other forms of social engineering attacks, as well as identity theft.

According to CyberNews, hundreds of thousands of database servers are still open to everyone, with more than 29,000 insecure databases exposing nearly 19 petabytes of data to hacking, tampering, deletion, and other threats. The fact that tens of thousands of open databases have data exposed is nothing new. Indeed, cybercriminals are so aware of this that a vulnerable database can be identified and targeted by threat actors in only a few hours. 

After years of huge data breaches, ransom requests, and even crippling data wipeouts by feline hackers (meow), one would think database owners would be aware of the issue and, at the very least, ask for a username and password before letting someone in. 

To conduct the investigation, CyberNews used a specialized search engine to look for open databases for Hadoop, MongoDB, and Elasticsearch, three of the most common database types. Because the search covered only these three types, the true number of unprotected databases and the volume of data exposed are undoubtedly much higher than what they discovered.

According to the results, at least 29,219 vulnerable Elasticsearch, Hadoop, and MongoDB databases are left out in the open. Hadoop clusters outnumber the competition in terms of exposed data, with nearly 19 petabytes available to threat actors who could put millions, if not billions, of users at risk with a single click.

Elasticsearch leads the pack in terms of exposed databases, with 19,814 instances without any kind of authentication, placing more than 14 terabytes of data at risk of being hacked or held hostage by ransomware gangs. MongoDB appears to do much better than others in terms of terabytes, but the 8,946 unprotected instances demonstrate that thousands of organizations and individuals who use MongoDB to store and handle their data still have a long way to go in terms of basic database security. 

Unknown cyber criminals conducted a series of so-called "Meow" attacks in 2020, wiping all data from thousands of unsecured databases without explanation or even a ransom demand, leaving shocked owners with nothing but an empty folder and files labeled "meow" as the attacker's signature. It was found that 59 databases hit by the "Meow" attacks a year ago are still unprotected and collectively leave 12.5GB of data exposed.

According to CyberNews security researcher Mantas Sasnauskas, this only goes to show that raising awareness about exposed and publicly accessible databases is as important as ever. “Anyone can look for these unprotected clusters by using IoT search engines to effortlessly identify those that don’t have authentication enabled and exploit them by stealing the data, holding them ransom, or, as was the case with the ‘Meow’ attack, simply destroy valuable information for fun, wiping billions of records and crippling both business and personal projects in the process.”

Databases are used by businesses of all sizes to store customer and employee records, financial details, and other confidential information. Databases are often operated by administrators who lack security training, making them an easy target for malicious actors. 

The owner of a database can take certain steps to protect it from unwanted visitors:
1. Authentication should be activated so that no one can access your database without the correct credentials or SSH key.
2. One must not use the default password – threat actors scour the internet for publicly available databases with default passwords allowed and target them on the spot.
3. Maintain the latest version of your database program.
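An added example, not part of the original article: a small audit a database owner could run against their own `mongod.conf` or `elasticsearch.yml` to confirm that authentication from step 1 is actually switched on. The bind-address check goes beyond the list above and is included as an assumption about what "publicly available" means in practice; the sample configs are constructed, and the parser only handles plain `key: value` mappings.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}

def flatten(text):
    """Flatten simple nested 'key: value' YAML into {'a.b.c': 'value'} (no lists/anchors)."""
    out, stack = {}, []  # stack holds (indent, key) of the open parent mappings
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", raw.split("#", 1)[0].rstrip())
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("\"' ")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value == "":
            stack.append((indent, key))
        else:
            out[".".join([k for _, k in stack] + [key])] = value
    return out

def exposed(hosts):
    """True if any comma-separated bind address is not loopback."""
    return any(h.strip() not in LOOPBACK for h in hosts.split(","))

def audit_mongod(text):
    cfg, findings = flatten(text), []
    if cfg.get("security.authorization", "disabled") != "enabled":
        findings.append("security.authorization is not enabled")
    if cfg.get("net.bindIpAll") == "true" or exposed(cfg.get("net.bindIp", "127.0.0.1")):
        findings.append("mongod listens on a non-loopback address")
    return findings

def audit_elasticsearch(text):
    cfg, findings = flatten(text), []
    # Assumption: require an explicit 'true', since the default differs between versions.
    if cfg.get("xpack.security.enabled", "").lower() != "true":
        findings.append("xpack.security.enabled is not explicitly true")
    if exposed(cfg.get("network.host", "_local_")):
        findings.append("network.host is a non-loopback address")
    return findings

# Constructed sample configs (not taken from any real deployment).
WEAK_MONGOD = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED_MONGOD = "net:\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"
WEAK_ES = "network.host: 0.0.0.0\nxpack.security.enabled: false\n"
HARDENED_ES = "network.host: _local_\nxpack.security.enabled: true\n"

if __name__ == "__main__":
    for name, findings in [("mongod", audit_mongod(WEAK_MONGOD)), ("es", audit_elasticsearch(WEAK_ES))]:
        print(name, findings)
```

A non-loopback bind address is not a flaw by itself; combined with a missing authentication setting it is the exact condition the research describes.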

Unprotected Database reveals 'BreedReady' Status for 1.8 Million Women




An unprotected database revealed personal information of more than 1.8 million women in China. The data set includes a "BreedReady" status, apart from the regular information like name, age, and date of birth.

The database includes phone numbers, ID numbers, addresses, marital status, URLs to photos, GPS coordinates, information about political affiliation and education-related details, and a 'HasVideo' field.

Victor Gevers, a well-known security researcher working with the non-profit GDI Foundation, came across the unprotected data trove while he was searching for open databases in China, where he found tens of thousands of them.

He tweeted a screenshot of the database, saying, "In China, they have a shortage of women. So an organization started to build a database to start registering over 1,8 million women with all kinds of details like phone numbers, addresses, education, location, ID number, marital status, and a "BreedReady" status?"

The researcher stated that in the database the youngest woman with the status 'BreedReady:1' is 18 years old and the oldest is 39. The BreedReady field is meant to specify whether the person has children or not.

Most of the women in the database are single (89%) and are based in Beijing. The youngest girl is 15 years old.

Gevers found a total of 18 unprotected databases, all from China, holding data from six social platforms that are operational in the country. The personal data includes names, ID numbers, photos, GPS locations, network info, public and private conversations, and file exchanges.