Many online stores are exposing private customer data


Many top online stores are exposing private customer data, putting both the businesses and their users at risk of identity theft, extortion attacks, and other cybersecurity incidents, new research has claimed.

Analyzing more than 2,000 online stores, Sansec found that 250, or approximately 12%, kept their backups in public folders which are easily accessible to anyone who knows where to look. 

The backups, mostly .ZIP, .SQL, and .TAR archives, contained sensitive information, such as database passwords, secret administrator URLs, internal API keys, and personally identifiable customer information. 

Costly mistakes

Sansec says businesses left these backups public either through negligence or by mistake.

At the same time, cybercriminals are well aware that businesses sometimes make these mistakes, and are always on the prowl for fresh victims. 

“Online criminals are actively scanning for these backups, as they contain passwords and other sensitive information,” Sansec said in its report. “Exposed secrets have been used to gain control of stores, extort merchants and intercept customer payments.”

Hunting for exposed backups is an automated practice, BleepingComputer said in its report. Attackers look for different combinations of possible names, using the site’s name and public DNS data, for example “/db/staging-SITENAME.zip”. These scans are inexpensive and don’t hurt the site’s performance, so hackers are free to conduct as many as they can. 

To tackle the threat, Sansec says, website owners and IT teams should regularly check their sites for databases and backups exposed by mistake or through negligence. If such an exposure is found, they should immediately reset admin accounts and database passwords and enable MFA on all employee accounts.

What’s more, IT teams can check the web server logs to see whether anyone downloaded the backup. They can also check admin account logs to see whether any third party accessed those accounts.
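As an added illustration of the log check described above (this is not code from the report or from Sansec), the following Python script parses constructed Apache/Nginx combined-format access-log lines, flags requests for archive-like paths such as the ones the report mentions, and separates failed probes from archives that were actually served:

```python
import re
from collections import Counter

# Constructed sample lines in the common "combined" access-log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2023:08:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2023:08:01:13 +0000] "GET /db/staging-example.zip HTTP/1.1" 404 153 "-" "python-requests/2.28"
203.0.113.7 - - [10/Feb/2023:08:01:14 +0000] "GET /backup/example.sql HTTP/1.1" 200 52428800 "-" "python-requests/2.28"
198.51.100.4 - - [10/Feb/2023:09:12:02 +0000] "GET /media/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2023:09:12:03 +0000] "HEAD /backups/example.tar HTTP/1.1" 200 0 "-" "curl/7.88"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Archive types the report names (.zip, .sql, .tar) plus common compressed variants (assumed).
BACKUP_SUFFIXES = (".zip", ".sql", ".tar", ".tar.gz", ".tgz", ".sql.gz", ".bak")

def parse_line(line):
    """Return the fields we need as a dict, or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["status"] = int(d["status"])
    d["size"] = 0 if d["size"] == "-" else int(d["size"])
    d["path"] = d["path"].split("?", 1)[0].lower()  # drop any query string
    return d

def find_backup_requests(log_text):
    """Every request for an archive-like path, flagged as served (GET + 2xx) or merely probed."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"].endswith(BACKUP_SUFFIXES):
            rec["served"] = rec["method"] == "GET" and 200 <= rec["status"] < 300
            events.append(rec)
    return events

def summarize(events):
    """Per source IP: how many archive paths were probed and how many were actually served."""
    probes, downloads = Counter(), Counter()
    for e in events:
        probes[e["ip"]] += 1
        if e["served"]:
            downloads[e["ip"]] += 1
    return {ip: {"probed": probes[ip], "downloaded": downloads[ip]} for ip in probes}
```

A successful download (here 203.0.113.7 fetching the 50 MB .sql file) is the signal that warrants the credential reset the report recommends; a run of 404s from one source still shows the site is being scanned.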

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.