- Joined
- Jun 13, 2020
- Messages
- 7,543
- Reaction score
- 916
- Points
- 212
- Awards
- 2
A misconfigured cloud database exposed over 800 million records linked to WordPress users before its owner was notified, according to Website Planet.
Security researcher Jeremiah Fowler explained that the trove was left online with no password protection by US hosting provider DreamHost.
The 814 million records he found were traced back to the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018.
In the 86GB database, there was purportedly admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information.
Some of the leaked information was linked to users with .gov and .edu email addresses, Fowler claimed.
Fortunately, the database was secure within hours of DreamHost receiving a responsible disclosure notice from Fowler.
However, the researcher said it was unclear how long it had been exposed, potentially putting users at risk of phishing. Threat actors scanning for exposed databases like this have in the past also stolen and ransomed the information contained within.
Fowler also pointed to the database’s record of “actions” such as domain registrations and renewals.
“These could potentially give an estimated timeline of when the next payment was due and the bad guys could try to spoof an invoice or create a man-in-the-middle attack,” he argued. “Here, a cyber-criminal could manipulate the customer using social engineering techniques to provide billing or payment information to renew the hosting or domain registration.”
The complexity of modern cloud environments makes misconfigurations of this type increasingly common.
Just last week, Fowler revealed an unprotected database containing one billion records belonging to CVS Health.
Security researcher Jeremiah Fowler explained that the trove was left online with no password protection by US hosting provider DreamHost.
The 814 million records he found were traced back to the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018.
In the 86GB database, there was purportedly admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information.
Some of the leaked information was linked to users with .gov and .edu email addresses, Fowler claimed.
Fortunately, the database was secure within hours of DreamHost receiving a responsible disclosure notice from Fowler.
However, the researcher said it was unclear how long it had been exposed, potentially putting users at risk of phishing. Threat actors scanning for exposed databases like this have in the past also stolen and ransomed the information contained within.
Fowler also pointed to the database’s record of “actions” such as domain registrations and renewals.
“These could potentially give an estimated timeline of when the next payment was due and the bad guys could try to spoof an invoice or create a man-in-the-middle attack,” he argued. “Here, a cyber-criminal could manipulate the customer using social engineering techniques to provide billing or payment information to renew the hosting or domain registration.”
The complexity of modern cloud environments makes misconfigurations of this type increasingly common.
Just last week, Fowler revealed an unprotected database containing one billion records belonging to CVS Health.
