An unprotected database belonging to a webmaster forum, Digital Point, exposed more than 800,000 users’ records. Security firm WebsitePlanet and security researcher Jeremiah Fowler found the unsecured Elasticsearch database on July 1, 2020. It contained over 62 million user records belonging to 863,412 Digital Point users.
Digital Point is a marketplace for web-related services. The company caters to individuals who maintain or create websites and lets users buy and sell websites, SEO, etc. The leaky database exposed users’ personal details such as email addresses, names, internal user ID numbers, internal records, and user posts. “This is an Elastic database set to open and be visible in any browser (publicly accessible) and could have been edited, downloaded, or even deleted data without administrative credentials,” the researchers said.
Potential Impact of the Leak
Exposure of personal information could allow cybercriminals to launch targeted phishing attacks. They could also misuse contact information, email IDs, and other sensitive details to create a fake domain that impersonates a legitimate one. Domain hijacking is commonly used by threat actors to change a domain's registration and ownership information. The criminal then has the upper hand, as the domain could be used for malicious activities or sold to a third party. Using a strong password or enabling multi-factor authentication for domain protection is highly recommended.
Risks with Unsecured Databases
Every minute is an opportunity for threat actors. A recent security experiment by Comparitech, led by cybersecurity researcher Bob Diachenko, discovered that cybercriminals attacked a model of an unsecured database 18 times in a single day. In a security alert, Comparitech explained how unauthorized third parties find, access, and alter exposed data without any authentication process, leaving users’ privacy at risk. The company set up a honeypot to learn how quickly hackers would attack an Elasticsearch server holding a dummy database with fake data in it.
Comparitech left the data exposed from May 11 until May 22, 2020. It found 175 attacks in just eight hours after the server was deployed, and the number of attacks in one day totalled 22. Not all attackers were looking to steal data. Some targeted unsecured servers to mine cryptocurrency, steal passwords, and destroy data.