Serviceteam IT Security News

The databases contain personal information that could be used for phishing attacks and identity theft schemes

Researchers have found close to 10.5 billion pieces of consumer data that have been left sitting in almost 10,000 unsecured internet-facing databases hosted across 20 countries. The data is said to include email addresses, passwords, and phone numbers.

The study was conducted by NordPass between June 2019 and June 2020 in cooperation with an unnamed white hat hacker, who scanned the web for Elasticsearch and MongoDB libraries in search of misconfigured databases.

It’s worth noting that three countries accounted for most of the exposed records, with France bearing the brunt (5.1 billion detected entries). China followed with 2.6 billion records and the United States came in third with 2.3 billion data points. When it comes to countries with the largest numbers of ill-configured databases, China came first (4,000), followed by the US (3,000) and India (500).

Since the information is stored in unprotected databases, cybercriminals would have to put in little to no effort to gain access to the data. With the records in hand they could wreak all sorts of havoc on their victims.

For example, the pilfered data could be used for social engineering attacks that are ultimately aimed at draining your bank accounts or at breaking into your other accounts. These attacks pay dividends especially if you recycle your passwords across various online services.

The stolen information could also be used to conduct (spear)phishing attacks that could lead to hundreds of thousands of dollars in losses, as one Premier League club almost found out recently. In other scenarios, miscreants could sell the data on the dark web, extort the victims or, as the recent ‘Meow’ attacks have shown, some data could simply be replaced with random garbage. Passwords are the bare minimum the admins should have used to secure the databases.

It’s worthwhile to remind ourselves of some account security basics, which include using unique and strong passwords or passphrases, potentially with the help of a password manager. It’s also highly advisable to use two-factor authentication, which adds an extra layer of security in exchange for very little effort. If you ever suspect that something is amiss with your accounts, you can also check out our handy guide on how to check if your password has been stolen.
