Exposed Databases - India Ranks Third After China & US

CEOInsights Team

23 percent of banks had at least one misconfigured database exposed to the internet, resulting in potential data leaks. Research by Censys claims that the healthcare industry has more exposed attack surfaces than any other industry it surveyed. Another report stated that at least 16 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, were exposed through data breaches since 2019, while the first quarter of 2020 has been the worst, with over eight billion records exposed. Even companies like Microsoft exposed 250 million customer service records due to the misconfiguration of an internal database, while Telegram exposed the personal information of millions of users.

NordPass’ research also reveals that the web is swirling with exposed databases. Globally, unsecured databases numbered 9,517, with 10,46,33,15,645 entries, across 20 different countries. India ranks third on the list, after China and the US. India had 520 unsecured databases containing 48,78,723 entries with data such as emails, passwords and phone numbers, while China had nearly 3794 exposed databases, with potentially 26,293,83,174 user accounts breached. The US, which ranked second, had nearly 3,000 unsecured databases and almost 2.3 billion entries made available online.

Some of the largest data leaks of last year resulted from exposed databases. For instance, millions of Facebook records were exposed on a public Amazon server, while another incident exposed information on 80 million US households, and there were many more. While the idea of searching for exposed databases may seem complex, the process itself is quite straightforward. Search engines like Censys or Shodan scan the web constantly and let anyone view open databases in just a few clicks. And if the database managers used the default logins, getting into one would be a piece of cake.

Chad Hammond, Security Expert at NordPass, says, “In fact, with proper equipment, you can easily scan the whole internet on your own in just 40 minutes”.

The most recent of these attacks was Meow, which wiped thousands of unsecured databases clean. Chad adds, “These kinds of attacks are very frequent. Usually the attacker asks for ransom. This attack seems to be different only because the hackers deleted the data instead of asking for ransom”. He also estimated that 39 percent of all databases have already been hit by one of these ransomware attacks. “The Meow attack against unsecured databases should only reinforce the need for proper data security. And while some of the affected databases only contained testing data, the Meow attack targeted some high-level victims, among which was one of the biggest payment platforms in Africa”.

According to Chad, data security and protection should be a top priority, and proper protection should include data encryption at rest, data encryption on the wire (in motion), identity management and vulnerability management.