1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Data of 30 million WordPress users leaked by top cloud accounting

    From TechnologyDaily@1337:1/100 to All on Mon Apr 10 15:30:03 2023
    Data of 30 million WordPress users leaked by top cloud accounting firm

    Date:
    Mon, 10 Apr 2023 14:11:45 +0000

    Description:
    A Canadian cloud unicorn leaves database with sensitive data unattended.

    FULL STORY ======================================================================

    FreshBooks, a Canadian unicorn startup building cloud accounting software , kept an Amazon Web Services ( AWS ) Storage bucket holding sensitive employee information unprotected on the internet, available to anyone who knew where
    to look, experts have claimed.

    As a result, more than 30 million of its users, in more than 160 countries around the world were put at risk of identity theft and other cybercrime.

    The alert was issued by the Cybernews research team, which first discovered the database in late January 2023. Easily cracked passwords

    On first glance, it held storage images and metadata of its blog, but deeper analysis discovered backups of the websites source code, as well as site
    info, configurations, and login data for 121 WordPress users. The login data
    - usernames, email addresses, and hash passwords - belonged to the sites administrators. They were hashed using easily crackable MD5/phpass hashing framework, the researchers said, suggesting that obtaining the information in plaintext was relatively easy.

    With this information, the Cybernews team says, threat actors could have accessed the websites backend and made unauthorized changes to its content. They could have analyzed the source code, understood how the website
    operated, and found other vulnerabilities to sell or exploit. In fact, a 2019 server backup held at least fivevulnerable plugins that were installed on the website at the time, the researchers found. Read more

    This top WordPress plugin had a security flaw that could let hackers hijack
    your site


    This critical WordPress plugin flaw could let hackers hijack your website


    Check out the best endpoint protection services right now

    In an even more dangerous scenario, they could have installed malicious software, moved laterally throughout the network, and stolen sensitive data.

    There is a caveat to exploiting the vulnerability, though: The websites login page to the admin panel was secured and not publicly accessible, the researchers explain. However, attackers could still bypass this security measure by connecting to the same network as the website or finding and exploiting a vulnerable WordPress plugin. These are the best malware removal tools around

    Via: Cybernews



    ======================================================================
    Link to news story: https://www.techradar.com/news/data-of-30-million-wordpress-users-leaked-by-to p-cloud-accounting-firm


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)