- Joined
- May 15, 2016
- Messages
- 4,020
- Likes
- 2,572
- Points
- 1,730
An unprotected database with more than 62 million records was found in the public domain.
The lack of protection of the database of the Digital Point Webmaster Forum has led to data breaches of 800,000 users.
The California-based Digital Point Forum describes itself as "the largest webmaster community in the world." Its users are freelancers, marketers, developers and other professionals.
On July 1 this year, WebsitePlanet's research team and security expert Jeremiah Fowler discoveredAn unsecured Elasticsearch database containing over 62 million records, including 863,412 Digital Point user data (names, email addresses, and internal ID numbers). In addition, the database contained internal user records and publications.
While examining the database in order to find out its owner, the researchers came across datasets related to forum members who complained about messages, indicating the reasons for the complaints, such as "bad business relationship", spam, etc. In other words, these datasets are highly personal.
In addition to data theft and phishing, an unprotected database can fall prey to the Meow Bot, an automated script that compromised thousands of MongoDB and Elasticsearch databases this July. Once deployed, the script replaces the data with numbers and the word "meow".
Fowler notified Digital Point of the problem the same day it was discovered, July 1st. It is noteworthy that the researcher found the necessary email address in the same place, in an unprotected database. Within hours of the notification, the Digital Point administration closed the database.
__________________
The lack of protection of the database of the Digital Point Webmaster Forum has led to data breaches of 800,000 users.
The California-based Digital Point Forum describes itself as "the largest webmaster community in the world." Its users are freelancers, marketers, developers and other professionals.
On July 1 this year, WebsitePlanet's research team and security expert Jeremiah Fowler discoveredAn unsecured Elasticsearch database containing over 62 million records, including 863,412 Digital Point user data (names, email addresses, and internal ID numbers). In addition, the database contained internal user records and publications.
While examining the database in order to find out its owner, the researchers came across datasets related to forum members who complained about messages, indicating the reasons for the complaints, such as "bad business relationship", spam, etc. In other words, these datasets are highly personal.
In addition to data theft and phishing, an unprotected database can fall prey to the Meow Bot, an automated script that compromised thousands of MongoDB and Elasticsearch databases this July. Once deployed, the script replaces the data with numbers and the word "meow".
Fowler notified Digital Point of the problem the same day it was discovered, July 1st. It is noteworthy that the researcher found the necessary email address in the same place, in an unprotected database. Within hours of the notification, the Digital Point administration closed the database.
__________________