As many as 2.3 billion data files are presently stored in unsecured and misconfigured web servers such as Amazon S3 buckets, Server Message Block (SMB), File Transfer Protocol (FTP) and rsync servers by companies across the world, new research has found.
Last month, a security researcher unearthed a massive unsecured database hosted by Amazon Web Services that contained 49 million data records belonging to over 350,000 Instagram users. Information stored in the database included phone numbers and email addresses of celebrities and influencers on the social media platform.
Earlier in the month, security researcher Bob Diachenko also found a publicly indexed MongoDB database hosted on Amazon AWS infrastructure that contained over 275 million records with personally identifiable information (PII) on Indian citizens but was not secured from external access. These data records included names, email addresses, gender, mobile phone numbers, dates of birth, current salary, employment history, education levels, and professional skills of millions of Indian citizens.
Billions of unprotected data files ripe for the taking
These are just two of countless public-facing yet unsecured databases on the web that store personal and financial information belonging to millions of people from all over the world. If discovered by hackers, these databases can provide invaluable information required to create fake profiles, steal money from banks, make unauthorised purchases using payment card details, and carry out phishing attacks.
According to recent research conducted by Digital Shadows, as many as “2.3 billion data files are being made publicly available by misconfigured and non-secured technologies” that include Amazon S3 buckets, Server Message Block (SMB), File Transfer Protocol (FTP) and rsync servers.
The number of data files available on these non-secured servers has risen by 50 percent since March last year, and these files include highly sensitive information such as patient records, medical images like X-ray scans, passport scans, asset documents, employee passwords, and financial records.
According to Digital Shadows, most data were exposed by unsecured SMB protocols, while FTP and rsync servers exposed 20 percent and 16 percent, respectively, of the 2.3 billion data files. Amazon Web Services has introduced a new feature called “Block Public Access”, which has reduced data exposure to an extent, but the overall volume of exposed documents has still increased over the past year because of a lack of security in other servers.
“Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant. Countries within the EU are collectively exposing over a billion files – nearly 50% of the total we looked at globally – some 262 million more than when we looked at last year,” said Harrison Van Riper, a Strategy and Research Analyst at Digital Shadows.
“Some of the data exposure is inexcusable – Microsoft has not supported SMBv1 since 2014, yet many companies still use it. We urge all organisations to regularly audit the configuration of their public facing services,” he added.
UK-based cottage deals firm exposed personal records of customers
On 29th May, security researcher Bob Diachenko discovered an open and unprotected MongoDB database that contained 1,006 records of personal and payment information of customers of Snaptrip, a UK-based company that offers last-minute cottage holiday deals to citizens.
Diachenko found sensitive personal and financial information in the database that included full names, email addresses, phone numbers, full addresses, credit card numbers, card types, cardholder names, and CVV numbers belonging to customers of Snaptrip. The database was secured within hours of Diachenko informing Snaptrip about the exposure.
“The danger of having an exposed (passwordless) MongoDB or similar NoSQL databases is huge. I have previously reported that the lack of authentication allowed the installation of malware or ransomware on the MongoDB servers,” wrote Diachenko.
“The public configuration allows the possibility of cybercriminals to manage the whole system with full administrative privileges. Once the malware is in place criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains,” he added.