Many online stores are exposing private customer data


Many leading online stores are disclosing personal customer information, putting both the companies and their users at risk of identity theft, extortion attacks and other cybersecurity incidents, new research finds.

Sansec analyzed more than 2,000 online stores and found that 250, or about 12%, kept their backups in public folders that are easily accessible to anyone who knows where to look.

The backups, mainly .ZIP, .SQL, and .TAR archives, contain sensitive information such as database passwords, secret admin URLs, internal API keys, and personally identifiable customer information.

Costly mistakes

Sansec says companies have been negligently or mistakenly disclosing these backups.

At the same time, cybercriminals know very well that companies sometimes make these mistakes and are always looking for new victims.

“Online criminals are actively seeking these backups because they contain passwords and other sensitive information,” Sansec said in its report. “Exposed secrets have been used to gain control of stores, extort sellers and intercept customer payments.”

Searching for exposed backups is an automated practice, BleepingComputer said in its report. Attackers look for different combinations of possible names, using the name of the site and public DNS information, for example “/db/staging-SITENAME.zip”. These scans are cheap and don’t compromise the performance of the site, so hackers are free to run as many as they can.

To address the threat, Sansec says, website owners and IT teams should regularly check their sites for databases and backups that have been inadvertently or negligently exposed. If such a file is found, the recommendation is to reset administrator accounts and database passwords and to enable MFA on all employee accounts immediately.

In addition, IT teams can check the web server logs to see if anyone has downloaded the backup. They can also check administrator account logs to see if third parties have accessed them.
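As an added illustration of the log check described above (not code from Sansec's report or the BleepingComputer article), the script below parses combined-format web server access log lines, flags archive-like files that were actually served with a 2xx status, and counts per-client 404s on archive paths, which is the trace the name-guessing scans mentioned earlier leave behind. The log format, the extension list and the sample log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Combined log format as written by nginx/Apache (assumed layout, not from the article).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Archive formats the article names as typical backup files, plus a few common variants.
BACKUP_EXT = re.compile(r'\.(zip|sql|tar|tar\.gz|tgz|gz|bak)$', re.IGNORECASE)

def find_backup_downloads(lines, min_bytes=1024):
    """Return (ip, path, status, size) for archive-like paths served with a 2xx
    response; 206 is included because large downloads are often fetched in ranges."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        status = int(m.group("status"))
        size = 0 if m.group("size") == "-" else int(m.group("size"))
        if BACKUP_EXT.search(path) and 200 <= status < 300 and size >= min_bytes:
            hits.append((m.group("ip"), path, status, size))
    return hits

def probe_summary(lines):
    """Count 404s on archive-like paths per client IP: many misses from one
    address is the signature of automated backup-name guessing."""
    misses = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("status") == "404" and BACKUP_EXT.search(m.group("path").split("?", 1)[0]):
            misses[m.group("ip")] += 1
    return dict(misses)

# Constructed sample log lines; addresses, paths and sizes are invented for illustration.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2023:10:01:02 +0000] "GET /db/staging-example.zip HTTP/1.1" 404 196',
    '203.0.113.7 - - [10/Jan/2023:10:01:03 +0000] "GET /backup.sql HTTP/1.1" 404 196',
    '203.0.113.7 - - [10/Jan/2023:10:01:04 +0000] "GET /media/backup.tar HTTP/1.1" 200 734003200',
    '198.51.100.4 - - [10/Jan/2023:10:05:00 +0000] "GET /index.php?route=product HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Jan/2023:10:05:01 +0000] "GET /media/catalog/p1.jpg HTTP/1.1" 200 45000',
]

if __name__ == "__main__":
    for hit in find_backup_downloads(SAMPLE_LOG):
        print("archive served:", hit)
    print("archive-path 404s per client:", probe_summary(SAMPLE_LOG))
```

A successful hit on a backup path is the cue to treat every secret inside that archive as compromised and to rotate credentials as the article advises.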

Via: BleepingComputer
