Website builder Ucraft leaks data of hundreds of thousands of users

Hundreds of thousands of users of a popular website builder firm may have had their personal information leaked online due to shoddy security practices, a new report has revealed.

Researchers from Cybernews found that a publicly accessible Google Cloud Storage bucket belonging to Ucraft, a website building and design tools firm, held sensitive client data for years.

The bucket, created by an Armenian IT services company, was eventually discovered by malicious actors, who grabbed its contents and distributed them on the dark web.

Ucraft breach

The report added that Ucraft kept sensitive user information dating back to 2018, covering “hundreds of thousands of users”. The data included unredacted domain registration information (email addresses, phone numbers, names, and postal addresses), user email addresses, hashed passwords, old passwords, transaction data and partial credit card details, as well as database hosts and database names for client sites.

Subsequent investigation revealed that a threat actor also discovered the bucket in March 2023, and exfiltrated whatever data it found there. The stolen information was posted on a hacker forum in early January 2024, which was what prompted Cybernews to investigate in the first place.

Ucraft has yet to comment on the findings, but the Cybernews team says they reached out to the bucket owners and warned them of the security lapse, with the database subsequently locked down.

Unprotected and misconfigured databases remain one of the most common reasons for data leaks and breaches. Almost every day, security researchers stumble upon major databases, often belonging to large enterprises, hosting sensitive information for years. In many instances, the databases get discovered after a routine internet scan with tools such as Shodan.

Leaks of information such as this can lead to a whole host of malicious activity, from identity theft to credential stuffing and account takeovers. Many phishing attacks start with data leaks such as this one, as they allow hackers to create convincing, tailored phishing emails.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.