“Forum Compromised” is something you don’t like to read or hear as a Webmaster. In this case, that’s what happened to the world’s largest webmaster community was recently compromised.
Emails, names, user IDs, posts, and more information was exposed.
All this happened due to an insecure and unencrypted database.
The concerned users may now be vulnerable to spear-phishing attacks. They may also suffer from domain hijacking.
Is your information in online databases secure? What can you do to protect yourself when they get compromised?
Read on to find to see if your favorite forum is compromised, too.
What is The World’s Largest Forum Compromised?
California-based Digital Point states that it is the world’s largest webmaster community.
As a marketplace for online services, the organization provides a space for professionals who develop or maintain websites.
Users can interact with each other to buy and sell sites, SEO services, and so on.
How Was the Database Information Exposed?
62 million user records from 863,412 users were compromised due to an insecure database without administrative safeguards.
Cybersecurity researcher Jeremiah Fowler and the Cybersec firm WebsitePlanet discovered this unsecured Elasticsearch database last July.
According to the researcher, “The elastic database was configured as open, and accessible by the public.”
He added that the database “May have been downloaded, modified, or terminated without any administrative access controls necessary.”
When Fowler found the leak, he sent a disclosure notice to Digital Point which took prompt action and revoked access to the database.
Funnily, the email he used to contact Digital Point was found in the same database.
Meow Bot – Insecure Databases at Threat
Data theft and phishing are real concerns when databases are left unsecured.
Along with this, such databases may fall prey to things like Meow Bot.
Meow Bot is a script that has led to several thousand MongoDB and Elasticsearch databases being compromised in July alone.
It exists solely to corrupt exposed and vulnerable databases that do not have security controls.
The bot is named “meow” as it fills database indexes with random strings of numbers along with the word “meow.”
It appears to be someone’s idea of a joke, like this comical scene in Jurassic Park.
What Impact Can the Leak Potentially Have?
Such exposed databases may allow cybercriminals to gain information such as names, email addresses, and other details that can then allow them to launch devastating spear phishing attacks.
Contact information and email IDs may also be misused to spoof legitimate domains and mislead others into parting with sensitive information.
Domain hijacking is another problem where malicious actors may modify registration and ownership data of legitimate domains to take them over. Criminals may then use such domains for malicious activities or sell them.
What Can You Do To Protect Your Assets?
Several online databases get compromised daily and can create threats for unsuspecting organizations and users.
However, there are a few steps you can take to protect your information and financial assets.
Firstly you should use a password management system or have a password policy in your organization to encrypt your systems and databases.
Turning on multi-factor authentication whenever possible is also highly recommended.
You are not alone in the fight against cybercrime. Our experts at MyITGuy stand ready to help.