Many leading online retailers are exposing private customer information, putting both the company and its users at risk of identity theft, extortion and other cybersecurity incidents, according to new research.
Analyzing over 2,000 online stores, Sansec found that 250, or around 12%, store their backups in public folders that are easily accessible to anyone who knows where to look.
The backups, mainly .ZIP, .SQL, and .TAR archives, contained sensitive information such as database passwords, secret administrator URLs, internal API keys, and customer personal information.
Costly mistakes
Sansec claims that the companies made these backups public as a result of negligence or error.
At the same time, cybercriminals are well aware that companies sometimes make such mistakes and are always on the hunt for new victims.
“Online criminals actively scan these backups because they contain passwords and other sensitive information,” Sansec said in its report. “Secrets exposed were used to hijack stores, extort merchants and intercept customer payments.”
The hunt for leaked backups is automated, BleepingComputer said in its report. Attackers try different combinations of likely file names built from the site name and public DNS data, for example “/db/staging-SITENAME.zip”. These scans are inexpensive and don’t noticeably affect site performance, so hackers can run as many of them as they want.
Sansec says that to counter the threat, site owners and IT teams should regularly check their sites for databases exposed through error or negligence. If such a database is found, it recommends resetting the administrator accounts and database passwords and immediately enabling MFA on all employee accounts.
Moreover, IT teams can check web server logs to see whether anyone has downloaded a backup, and admin account logs to see whether those accounts have been accessed by a third party.
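As an added example (not from Sansec's or BleepingComputer's reports), the following Python script performs the web server log check described above: it parses access log lines in the common "combined" format and separates requests for archive or dump files that were actually served (a backup was downloaded) from requests that were rejected (someone was scanning for backups). The log lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2023:09:12:01 +0000] "GET /db/staging-example-shop.zip HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2023:09:12:02 +0000] "GET /backup.sql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2023:09:12:03 +0000] "GET /db/example-shop.sql.gz HTTP/1.1" 200 52428800 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2023:09:15:44 +0000] "GET /index.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2023:09:15:45 +0000] "GET /media/catalog/product/shoe.jpg HTTP/1.1" 200 91002 "-" "Mozilla/5.0"
"""

# Fields of the combined log format we need: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Archive and dump extensions that should never be reachable under a web root.
BACKUP_EXT_RE = re.compile(r'\.(zip|sql|tar|tgz|gz|bak|7z|rar)(\?.*)?$', re.IGNORECASE)

def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def find_backup_requests(log_text):
    """Return (served, probes): requests for backup-like paths that succeeded
    (200/206, i.e. a file was actually sent) versus those rejected (404/403 etc.),
    which indicate scanning for backups."""
    served, probes = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("GET", "HEAD"):
            continue
        if not BACKUP_EXT_RE.search(rec["path"]):
            continue
        (served if rec["status"] in (200, 206) else probes).append(rec)
    return served, probes

def summarize(log_text):
    """Summarize downloaded backups and the IPs that were probing for them."""
    served, probes = find_backup_requests(log_text)
    return {
        "served": [(r["ip"], r["path"], r["size"]) for r in served],
        "probing_ips": dict(Counter(r["ip"] for r in probes)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Any entry under "served" means a backup left the server and the credentials inside it should be treated as compromised; a high count under "probing_ips" with no served entries shows the automated scanning the report describes.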
By: BleepingComputer