• Many online stores are exposing private customer data

    From TechnologyDaily@1337:1/100 to All on Wed Feb 8 21:00:05 2023
    Many online stores are exposing private customer data

    Date:
    Wed, 08 Feb 2023 20:56:46 +0000

    Description:
    Some stores are reckless with their data, leaving sensitive information exposed.

    FULL STORY ======================================================================

    Many top online stores are exposing private customer data, putting both the businesses and their users at risk of identity theft, extortion attacks, and other cybersecurity incidents, new research has claimed.

    Analyzing more than 2,000 online stores, Sansec found that 250, or approximately 12%, kept their backups in public folders which are easily accessible to anyone who knows where to look.

    The backups, mostly .ZIP, .SQL, and .TAR archives, contained sensitive information, such as database passwords, secret administrator URLs, internal API keys, and personally identifiable customer information.

    Costly mistakes

    Sansec says businesses kept these backups public either through negligence or in error.

    At the same time, cybercriminals are well aware that businesses sometimes
    make these mistakes, and are always on the prowl for fresh victims.

    "Online criminals are actively scanning for these backups, as they contain passwords and other sensitive information," Sansec said in its report. "Exposed secrets have been used to gain control of stores, extort merchants and intercept customer payments."

    Hunting for exposed backups is an automated practice, BleepingComputer said
    in its report. Attackers look for different combinations of possible names, using the site's name and public DNS data, for example /db/staging-SITENAME.zip. These scans are inexpensive and don't hurt the site's performance, so hackers are free to conduct as many as they can.

    To tackle the threat, Sansec says, website owners and IT teams should regularly analyze their sites for databases exposed in error and out of negligence. In case they find such a database, resetting admin accounts and database passwords, and enabling MFA on all employee accounts immediately, is recommended.

    What's more, IT teams can check the web server logs to see if anyone
    downloaded the backup. They can also check admin account logs to see if any third party accessed them.
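
    One way to run the web server log check described above, as an added example (not code from TechRadar, Sansec or BleepingComputer): it reads access-log lines and reports completed downloads of backup-type archives, plus clients that requested several such names. The Combined Log Format, the probe threshold, the .tgz/.gz variants and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Archive types named in the report (.ZIP, .SQL, .TAR); .tgz/.gz variants are an assumption.
BACKUP_EXT = re.compile(r"\.(zip|sql|tar|tgz)(\.gz)?$", re.IGNORECASE)
# Combined Log Format: ip ident user [time] "METHOD target proto" status bytes ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def analyze(lines, probe_threshold=3):
    """Return (downloads, scanners) for backup-like paths in access-log lines.

    downloads: (ip, time, path, bytes) for GETs answered 200/206 with a body.
    scanners:  {ip: sorted paths} for clients that tried >= probe_threshold names.
    """
    downloads, probes = [], defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, target, status, size = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if not BACKUP_EXT.search(path):
            continue
        probes[ip].add(path)
        # A HEAD or a 404 is only a probe; a GET with 200/206 and bytes sent is a download.
        if method == "GET" and status in ("200", "206") and size.isdigit() and int(size) > 0:
            downloads.append((ip, ts, path, int(size)))
    scanners = {ip: sorted(p) for ip, p in probes.items() if len(p) >= probe_threshold}
    return downloads, scanners

# Constructed sample lines (documentation IP ranges, made-up site name "shop").
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Feb/2023:10:00:01 +0000] "GET /backup.sql HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [08/Feb/2023:10:00:02 +0000] "GET /shop.tar HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [08/Feb/2023:10:00:03 +0000] "GET /db/staging-shop.zip HTTP/1.1" 200 48211093 "-" "-"',
    '192.0.2.9 - - [08/Feb/2023:10:02:00 +0000] "HEAD /db/staging-shop.zip HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.20 - - [08/Feb/2023:10:05:00 +0000] "GET /checkout?cart=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, scanners = analyze(SAMPLE_LOG)
    for ip, ts, path, size in hits:
        print(f"DOWNLOADED {path} ({size} bytes) by {ip} at {ts}")
    for ip, paths in scanners.items():
        print(f"SCANNING   {ip} tried {len(paths)} backup names: {', '.join(paths)}")
```

    A DOWNLOADED line shows who fetched the archive and when, which helps scope the password resets and admin account log review the article recommends.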

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/many-online-stores-are-exposing-private-customer-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)