Non-invasive data leaks


News posts about data leaks are emerging with alarming frequency, and the magnitude of these leaks is quite stunning.

Adding together the numbers from all the leak reports for January through March 2019, we find that an astonishing 590 million CVs were leaked from Chinese companies. Most of these inadvertent leaks were caused by misconfigured MongoDB databases and Elasticsearch servers that were reachable over the Internet without a password.


The cybersecurity company UpGuard reported that Facebook user records, collected by third-party app developers, were publicly accessible outside Facebook, including on an Amazon S3 storage server.

Over 540 million user records, including messages, comments, interests and logins, were exposed.


Why so many leaks? Previously, servers were hacked either by enthusiasts looking for fun or by professionals after specific data on a particular network. Today bots have taken their place, and bots scan the whole Internet indiscriminately.

Here is a typical news post about this subject:

Xwo is a Python-based scanning bot. It tries default credentials to gain access to various databases, including MySQL, PostgreSQL and MongoDB.

It retrieves the IP address ranges it should target from its C&C server and reports the results back to that same server.


Sometimes attackers steal the data, and sometimes they demand a ransom instead.

In late 2016 and early 2017, a wave of attacks hit exposed MongoDB servers. The attackers simply erased the database contents and demanded a ransom for their return (even though, more often than not, they had kept no copy of the deleted data).


The Cru3lty hack team compromised 22,449 databases in just one week.


That’s 22,000 databases in a week!

How hard is it for an attacker when a database runs with its default settings?

Let's check whether such a node is accessible over the Internet.

It's easy to do. We try to load the host in a browser on port 28017, where older MongoDB versions serve an HTTP status page. Enter the server's address with port 28017 in the address bar.

And voila:

[screenshot: the MongoDB HTTP status page]

Indeed. So far nothing particularly alarming is happening, but the fact that anyone can read the server's status information is not a good sign.

We continue digging.

We try to connect to the database with the mongo client. We enter the following in the console on our laptop:
mongo your_domain.zone:27017

And voila, once again:

[screenshot: the mongo shell prompt]

That's how we connect to a MongoDB shell without entering a password.


#security_update #hack #hacking #personal_data

Dr.Web recommends

The fact is, these servers aren't being hacked at all. Only legitimate software is involved: a simple script walks through address ranges and probes each host for a response. That's it! That so many people can be this careless is quite stunning. And the leaks we hear about are still few in number…

Never neglect to protect your databases with strong passwords, even when the database software arrives bundled with another product. Enable authentication, bind the service to a local or internal interface rather than to every address, and never expose it to the Internet without a firewall in front of it. And, of course, install updates.
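The configuration that produces the exposure shown above, next to a hardened one, as an added mongod.conf example (this is not from the article; the version notes and the comments are mine):

```yaml
# mongod.conf -- added example, not from the article.
#
# What the scanners described above find: a mongod listening on every
# interface, no authorization, and (on MongoDB 3.x) the HTTP status page
# served on port 28017. Left commented out so this file stays valid.
#
# net:
#   port: 27017
#   bindIp: 0.0.0.0
#   http:
#     enabled: true
# security:
#   authorization: disabled

# Hardened equivalent.
net:
  port: 27017
  bindIp: 127.0.0.1        # or a private interface; MongoDB 3.6+ defaults to localhost
  http:
    enabled: false         # MongoDB 3.x only: the interface and this option were removed in 3.6,
                           # so drop the whole net.http stanza on newer versions
security:
  authorization: enabled   # every client must authenticate
```

Before restarting with authorization enabled, create an administrative user through the localhost exception (connect from the server itself and run createUser on the admin database); otherwise you lock yourself out along with the scanners.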
