Digital treasure: gigabytes of confidential data were made publicly available

More than 300 thousand devices and web servers shared their secrets.

Researchers have found that thousands of Internet-connected computers and other devices, whether inadvertently or deliberately, expose millions of files containing potentially sensitive information, according to an analysis Censys published on September 27.

The researchers scanned the Internet and identified about 314,000 individual devices and web servers with open directories, producing what they describe as "one of the most complete databases of all open directories on the Internet".

The analysis showed that hundreds of devices expose database backups as well as files with spreadsheet-style extensions. More than 9,000 of them relate to financial information, and thousands of other files may contain authentication data, network data, and more.

Censys researchers stressed that they did not view the contents of the files, but only sought to draw public attention to an existing problem. They said: "This data indicates that there is a potential 'gold mine' of database-related information on the Internet that can be used by attackers to exploit vulnerabilities."

This phenomenon is not new, experts noted. However, most of the detected data was created or modified in 2023, which suggests that the problem is still relevant, despite the efforts of companies to improve security.

Open directories, through which the files on a server can be browsed and downloaded, are normally not publicly accessible, but configuration errors sometimes expose them. Searching for such directories has become a hobby for some, while information leaking from them can have serious consequences.
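The misconfiguration the article describes is usually a web server's automatic directory index left enabled on a path that was never meant to be browsed. As an added, defensive example (not code from the article, from Censys or from Stairwell), the Python below takes an HTML body that an administrator has already fetched from one of their own servers, decides whether it is an auto-generated directory index, and flags listed file names that fall into the categories the article mentions (database backups, spreadsheets, credential and network files). The sample listing, its file names and the extension-to-category table are all constructed for this example.

```python
"""Audit an HTTP response body for an exposed directory listing.

Added defensive example; not part of the article or of any vendor tooling.
Input is HTML the operator already has (e.g. from auditing their own hosts).
"""
import os
import re
from html.parser import HTMLParser

# Titles emitted by common auto-index implementations (Apache, nginx,
# Python's http.server). Assumption: a title match is a sufficient signal.
INDEX_TITLE_RE = re.compile(r"<title>\s*(Index of|Directory listing for)\b", re.I)

# Constructed mapping of extension -> risk category, following the kinds of
# files the article lists.
RISKY_EXTENSIONS = {
    ".sql": "database backup", ".dump": "database backup", ".bak": "database backup",
    ".sqlite": "database backup", ".db": "database backup",
    ".csv": "spreadsheet", ".xls": "spreadsheet", ".xlsx": "spreadsheet", ".ods": "spreadsheet",
    ".env": "credentials", ".pem": "credentials", ".key": "credentials",
    ".htpasswd": "credentials", ".kdbx": "credentials",
    ".pcap": "network data", ".ovpn": "network data", ".conf": "network data",
}


class _LinkCollector(HTMLParser):
    """Collect href targets; auto-index pages list each entry as an <a> link."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def _extension(name: str) -> str:
    """Lower-cased extension, treating dotfiles like .env as their own extension."""
    lowered = name.lower()
    if lowered.startswith(".") and lowered.count(".") == 1:
        return lowered
    return os.path.splitext(lowered)[1]


def is_directory_listing(body: str) -> bool:
    """True when the page title looks like a server-generated directory index."""
    return INDEX_TITLE_RE.search(body) is not None


def audit_listing(body: str) -> dict:
    """Return {'listing': bool, 'findings': {filename: category}} for one body."""
    if not is_directory_listing(body):
        return {"listing": False, "findings": {}}
    parser = _LinkCollector()
    parser.feed(body)
    findings = {}
    for href in parser.hrefs:
        # Skip Apache's column-sort links (?C=N;O=D) and parent-directory links.
        if href.startswith("?") or href in ("../", ".."):
            continue
        name = href.rstrip("/").rsplit("/", 1)[-1]
        category = RISKY_EXTENSIONS.get(_extension(name))
        if category:
            findings[name] = category
    return {"listing": True, "findings": findings}


# Constructed sample: an Apache-style index of a /backups directory.
SAMPLE_APACHE_LISTING = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /backups</title></head>
<body><h1>Index of /backups</h1>
<table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td><td>&nbsp;</td></tr>
<tr><td><a href="customers_2023-05.sql">customers_2023-05.sql</a></td><td>2023-05-02 11:14</td></tr>
<tr><td><a href="payroll_q2.xlsx">payroll_q2.xlsx</a></td><td>2023-07-01 09:00</td></tr>
<tr><td><a href=".env">.env</a></td><td>2023-03-19 22:41</td></tr>
<tr><td><a href="README.txt">README.txt</a></td><td>2022-11-30 08:02</td></tr>
<tr><td><a href="images/">images/</a></td><td>2023-01-10 14:20</td></tr>
</table></body></html>
"""

# Constructed sample: an ordinary page that merely links to a spreadsheet.
SAMPLE_NORMAL_PAGE = (
    "<html><head><title>Acme Intranet</title></head>"
    "<body><a href='report.xlsx'>Q2 report</a></body></html>"
)

if __name__ == "__main__":
    for label, body in (("backups", SAMPLE_APACHE_LISTING), ("intranet", SAMPLE_NORMAL_PAGE)):
        result = audit_listing(body)
        print(label, "listing" if result["listing"] else "no listing", result["findings"])
```

The check deliberately ignores ordinary pages that happen to link to a spreadsheet: the risk the article describes comes from the server enumerating everything in a directory, not from a single deliberate link. A finding for a server you operate is a prompt to disable the auto-index (for example Apache's `Options -Indexes` or nginx's `autoindex off`) and to move backups out of the web root.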

For example, an incorrect configuration in March of this year exposed the medical data of about 56 thousand Washington residents, including high-ranking officials. In another case, the actions of intruders made the personal data of more than 550 thousand users of an American weapons-sales site publicly available.

Silas Cutler, a security researcher at Stairwell, recalled a quote from Forrest Gump and paraphrased it a bit: "Open web directories are like a box of candy; sometimes it's a Linux image repository, and sometimes it's a threat actor who made a mistake in data storage," referring to his recent report detailing the data found on an unsecured server used to deploy the Akira ransomware program.