[BreachExchange] India’s Vijay Sales Leaks Private Information through Exposed Amazon Backup Server
Destry Winant
destry at riskbasedsecurity.com
Fri Mar 20 10:28:05 EDT 2020
https://www.riskbasedsecurity.com/2020/03/20/indias-vijay-sales-leaks-private-information-through-exposed-amazon-backup-server/
Modern companies use various strategies to thwart the persistent
attempts of hackers. However, in many cases it is not an offensive
measure that breaches sensitive data but simple misconfigurations.
Open Season on Misconfigured Databases
Misconfigured databases have had a consistent role in the increasing
number of records exposed. Risk Based Security has written and
published research about the practice of targeting open, unsecured
databases to either steal data or hold it for ransom since 2016, yet
we still see organizations unwittingly provide malicious actors a
trove of personal data.
VIJAY SALES
On March 2nd, 2020, a notorious threat actor posted a leaked Vijay
Sales database on a popular dark web hacker forum. Vijay Sales is a
large electronics retail store chain in India, with nearly two hundred
thousand users affected in the leak. The threat actor claimed the
source was from an “exposed backup server” breached in February 2020.
The user records included names, email addresses, passwords, phone
numbers, and device information. In addition, a total of 90 files were
found that also included thousands of customer service records,
detailed store and personnel information, business operations
information, and numerous administrative accounts that contained
usernames, email addresses, passwords, verification codes, and roles.
GEOCLOUD
In the same week, a different threat actor posted another database,
this time from technology company GeoCloud, leaked through a public
Amazon server. The data contained users’ names, email addresses, and
passwords as well as the company’s social media keys and company
information.
Small Mistakes Add Up
Not only are exposed cloud servers a quick and easy data exfiltration
target for hackers, but they can also include sensitive company
information and expose much more than just user credentials. These
exposed details certainly increase the company’s vulnerability in the
future.
The misconfiguration of databases often results from human error and
these mistakes add up. In our recent 2019 Year End Data Breach
QuickView Report, we highlighted that only four breaches in 2019
resulted in the exposure of 6.7 billion records. All four of these
events were caused by open, misconfigured databases that were publicly
available.
Numerous exposed servers are shared on hacker forums daily, whether
through portal access or pre-downloaded databases, with most of them
having unattributed sources. While it is imperative to defend against
offensive measures by hackers, it is just as important to not give
away that data yourself.
More information about the BreachExchange
mailing list