Sky denies it suffered a significant network breach

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Cybersecurity researchers have found what appears to be a configuration file hosted on a domain hosted by the Sky media group apparently listing access credentials of production-level databases in plain text.

Discovered by CyberNews researchers during a threat intelligence gathering operation, the file appears to be the main configuration file of the application hosted on the ‘upliftmedia’ subdomain of Sky.com

In addition to plain text access credentials to databases, the file also contains addresses to development endpoints. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

The researchers reported the issue to Sky, following which the configuration file was no longer accessible.

But, where’s the database?

In response, Sky says it acted fast and customer data was never at risk, and there was no larger impact on its data or systems

The researchers claim the file was first indexed by an Internet of Things (IoT) search engine last month, which thankfully enforces a 30 day grace period during which the file is only available to white hat researchers.

Since the file wasn’t flagged or taken down, it became visible to everyone last week, after the expiration of the grace period.

“There’s no way to tell what data is being stored on the production server. With that said, exposed configuration files can serve as quick infiltration shortcuts for ransomware groups that could take a company’s servers and data hostage,” note the researchers who found the credentials, but not the database itself.

They add that threat actors are always on the lookout for such misconfigurations, and capitalize on the mistakes and oversights by companies of Sky’s size and importance, and contend that anyone who knew where to look could have accessed the data using the authentication credentials listed in the configuration file.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.