News

More Than 12% of Online Stores May Accidentally “Merge” Personal Data and Backups

According to a study conducted by Sansec, many online stores mistakenly leave private backups in the public domain (for example, store them in public folders), which may contain passwords from internal accounts and other non-public information.

As a result, all this can be used to capture e-commerce sites and extortion.

Let me remind you that we also wrote that The operator of an online store selling stolen bank cards sentenced to 7.5 years in prison, and also that Privacy-focused ClearURLs extension removed from Chrome Web Store.

Also, the media, for example, indicated that Magento Store Owners Intentionally Bypass Critical Vulnerability Patch.

Analysts studied 2037 online stores of various sizes and found that 250 (12.3%) of them store ZIP, SQL and TAR archives in public web folders that can be freely accessed without any authentication.

It seems that the archives are located where they do not belong at all, due to banal negligence, human error, or by mistake.

Even worse, these archives are often backups that contain database passwords, secret administrative URLs, internal API keys, and customer personal data.

In the same report, the researchers highlight that they are seeing constant activity from attackers who use automatic scanning to find such backups and hack them.

Cybercriminals are actively looking for such backups because they contain passwords and other sensitive information. The leaked secrets are then used to seize control of stores, extort and intercept customer payments.the experts explain.

At the same time, the criminals sort through various combinations of possible backup names on the target sites, based on the name of the resource and public DNS data, for example, /db/staging-SITENAME.zip. Since such “probes” are inexpensive for hackers and do not affect the performance of the target resource, attackers can conduct such reconnaissance for several weeks until they find what they are looking for.

Sansec reports that such attacks come from many IP addresses, which means that hackers are well aware of the existence of backups forgotten in the public domain, and purposefully try to use them.

Experts urge all site owners to regularly check their resources for accidental disclosure of data and backups. In the event of a leak, they advise immediately resetting passwords for administrator and database accounts, as well as enabling two-factor authentication for all employee accounts.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Kurlibat.xyz pop-up ads (Virus Removal Guide)

Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…

13 hours ago

Remove Initiateintenselyrenewedthe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…

13 hours ago

Remove Wotigorn.xyz pop-up ads (Virus Removal Guide)

Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…

13 hours ago

Remove Initiateintenselyprogressivethe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…

13 hours ago

Remove Nuesobatoxylors.co.in pop-up ads (Virus Removal Guide)

Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…

17 hours ago

Remove Helistym.xyz pop-up ads (Virus Removal Guide)

Helistym.xyz is a site that tries to force you into clik to its browser notifications…

17 hours ago