[BreachExchange] India’s Vijay Sales Leaks Private Information through Exposed Amazon Backup Server

Destry Winant destry at riskbasedsecurity.com
Fri Mar 20 10:28:05 EDT 2020


https://www.riskbasedsecurity.com/2020/03/20/indias-vijay-sales-leaks-private-information-through-exposed-amazon-backup-server/

Modern companies use various strategies to thwart the persistent
attempts of hackers. However, in many cases sensitive data is exposed
not by an offensive measure but by a simple misconfiguration.

Open Season on Misconfigured Databases

Misconfigured databases have had a consistent role in the increasing
number of records exposed. Since 2016, Risk Based Security has written
and published research about the practice of targeting open, unsecured
databases to either steal data or hold it for ransom, yet we still see
organizations unwittingly provide malicious actors a trove of personal
data.

VIJAY SALES

On March 2nd, 2020, a notorious threat actor posted a leaked Vijay
Sales database on a popular dark web hacker forum. Vijay Sales is a
large electronics retail store chain in India, and nearly two hundred
thousand users were affected in the leak. The threat actor claimed the
source was an “exposed backup server” breached in February 2020.

The user records included names, email addresses, passwords, phone
numbers, and device information. In addition, a total of 90 files were
found that also included thousands of customer service records,
detailed store and personnel information, business operations
information, and numerous administrative accounts that contained
usernames, email addresses, passwords, verification codes, and roles.

GEOCLOUD

In the same week, a different threat actor posted another database,
this time from technology company GeoCloud, leaked through a public
Amazon server. The data contained users’ names, email addresses, and
passwords as well as the company’s social media keys and company
information.

Small Mistakes Add Up

Not only are exposed cloud servers a quick and easy data exfiltration
target for hackers, but they can also include sensitive company
information and expose much more than just user credentials. These
exposed details certainly increase the company’s vulnerability in the
future.

The misconfiguration of databases often results from human error, and
these mistakes add up. In our recent 2019 Year End Data Breach
QuickView Report, we highlighted that just four breaches in 2019
resulted in the exposure of 6.7 billion records. All four of these
events were caused by open, misconfigured databases that were publicly
available.

Numerous exposed servers are shared on hacker forums daily, whether
through portal access or pre-downloaded databases, with most of them
having unattributed sources. While it is imperative to defend against
offensive measures by hackers, it is just as important to not give
away that data yourself.

