In total, there are 9,517 unsecured databases and 10,463,315,645 entries in 20 different countries.
The United States comes second, with nearly 3,000 unsecured databases and almost 2.3 billion entries made available online.
India was third, with 520 unsecured databases and 4,878,723 entries.
Sensitive vs. testing data
While some of this data might be useless and only used for testing, much of it could be damaging if exposed. Some of the largest data leaks of last year resulted from exposed databases. For example, millions of Facebook records were exposed on a public Amazon server. In another incident, an unsecured database exposed information of 80 million US households. The data included victims’ addresses, income, and marital status. A rehabilitation clinic in the US also suffered from a data leak, in which nearly 150,000 patients had their personal information exposed. The most worrying part is that this data was not leaked by a persevering hacker - it was simply sitting there in a public database.
While the idea of searching for exposed databases may seem complex, the process itself is quite straightforward. Search engines like Censys or Shodan scan the web constantly and let anyone view open databases in just a few clicks. If the database managers used the default logins, getting into one would be a piece of cake.
“In fact, with proper equipment, you could easily scan the whole internet on your own in just 40 minutes,” says Chad Hammond, security expert at NordPass.
Attacks against unsecured databases
Recently, unsecured databases have been hit by a “Meow” attack, which wiped clean thousands of them. “These kinds of attacks are very frequent. Usually, the attacker asks for ransom. This attack seems to be different only because the hackers deleted the data instead of asking for ransom,” says Chad Hammond, security expert at NordPass.
The NordPass security expert estimates that 39% of all databases have already been hit by one of these ransomware attacks.
“The Meow attack against unsecured databases should only reinforce the need for proper data security. And while some of the affected databases only contained testing data, the Meow attack targeted some high-level victims, among which was one of the biggest payment platforms in Africa,” says Chad Hammond.
The essentials of database security
Data security and protection should be a top priority. “Every company, entity, or developer should make sure they never leave any database exposed, as this is obviously a huge threat to user data,” says Chad Hammond.
When asked to highlight the main points of database security, the expert emphasized:
“Proper protection should include data encryption at rest, wire (in motion) data encryption, identity management, and vulnerability management.
“Data can be exposed to risks both in transit and at rest and therefore requires protection in both states. While there are several different approaches, encryption plays a major role in data protection and is a popular tool for securing data both in transit and at rest.
“Nevertheless, all data should be encrypted using trusted and robust algorithms instead of custom or random methods. It’s also important to select appropriate key lengths to protect your system from attacks.
“Identity management is another important step and should be used to ensure that only the relevant people in an enterprise have access to technological resources.
“Finally, every company should have a local security team responsible for vulnerability management and able to detect any vulnerabilities early on,” says Chad Hammond.
As for the users, the security expert yet again draws attention to the importance of a strong password. “The fact that we have more than 10 billion passwords up for grabs should only encourage people to think of strong, lengthy passwords. If your password is '12345,' no firewall in the world will protect your data. Your password shouldn’t be a dictionary word either - an average person uses only about 20,000-30,000 words, so chances are that all of them are already among those 10 billion,” says the NordPass security expert.
Methodology: NordPass partnered up with a white hat hacker, who scanned Elasticsearch and MongoDB libraries, looking for exposed, unprotected databases. Once found, he logged into those public databases and checked what kind of data could be found there. The white hat hacker has shared with NordPass how many exposed databases and entries he had found. The hacker requested to stay anonymous. Time frame: June 2019 to June 2020.
NordPass is a new-generation password manager shaped with cutting-edge technology, zero-knowledge encryption, simplicity, and intuitive design in mind. It securely stores and organizes passwords by keeping them in one convenient place. For more information: nordpass.com.