Webmaster Portal Leaks 63 Million Records
The world’s largest webmaster form has been found wanting in terms of its cybersecurity posture after researchers discovered an unprotected database leaking data on nearly 900,000 users.
Digital Point provides a platform for members to chat and buy and sell websites, domains and digital services.
Back in July, researchers at WebsitePlanet teamed up with Jeremiah Fowler to discover an Elasticsearch database belonging to Digital Planet that was left online without password protection, exposing nearly 63 million records.
These included emails, names, internal user ID numbers, internal records and user posts related to 863,412 users of the site.
Fowler warned that an attacker without administrative credentials could have edited, downloaded or even deleted this data.
The latter threat is particularly real given the recent spate of “Meow” bot attacks on exposed databases. An attacker could also look to steal the data before deleting it and holding it to ransom.
Another particular threat from exposure of this kind of data is domain hijacking, Fowler warned.
“Having the contact information, email and other details could allow a cyber-criminal to use acquired personal information about the actual domain owner to impersonate them,” he explained.
“Domain hijacking is exactly what it sounds like and criminals could try to change the registration information and ownership details. This type of theft would allow the domain hijacker to gain full control of the website name and can use the domain for their own purposes or try to sell it to a third party.”
Fowler described the dataset as a “treasure chest of information” for would-be domain hijackers.
“Many of the email accounts were admin@ or similar. Having a domain stolen can destroy a business or an organization and there is no guarantee that you will get it returned,” he continued.
“Anyone who has ever lost a domain name will tell you that dealing with lawyers, court costs and losing the trust of your clients would be devastating.”
We’re Beeso IT, how can we help?
Our expert team of engineers, consultants, solution architects and project managers work right alongside our client’s internal IT teams – bringing their years of technical experience & competencies to your business on a need by need basis.
Wherever you require support, for whatever technology requirement. The Beeso IT team are on-hand locally as your global technology partner. If you are unsure of how secure your endpoints are, please contact the team today.
News source: https://www.infosecurity-magazine.com/
Share This!
MICROSOFT OFFICE 365
YOUR COMPLETE OFFICE IN THE CLOUD
Bringing together everyone's favourite productivity tools with the benefits of cloud-based communication and collaboration, Microsoft have developed a platform that is both technically & commercially-sound for businesses of any shape.