Many online stores are exposing private customer data


Many top online stores are exposing private customer data, putting both the business and its customers at risk of identity theft, extortion, and other security incidents, new research has claimed.

Analyzing more than 2,000 online stores, Sansec found that 250, or approximately 12%, kept backups in publicly reachable web folders, accessible to anyone who knows where to look.

The backups, mostly .ZIP, .SQL, and .TAR archives, contained sensitive information, such as database passwords, secret administrator URLs, internal API keys, and personally identifiable customer information. 

Costly mistakes

Sansec says businesses left these backups public either through negligence or by mistake.

At the same time, cybercriminals are well aware that businesses sometimes make these mistakes, and are always on the prowl for fresh victims. 

“Online criminals are actively scanning for these backups, as they contain passwords and other sensitive information,” Sansec said in its report. “Exposed secrets have been used to gain control of stores, extort merchants and intercept customer payments.”


Hunting for exposed backups is an automated practice, BleepingComputer said in its report. Attackers try many combinations of likely file names, derived from the site's name and public DNS data, for example "/db/staging-SITENAME.zip". These scans are cheap and do not affect the site's performance, so attackers can run as many of them as they like.

To tackle the threat, Sansec says, website owners and IT teams should regularly check their sites for backup files exposed by mistake or through negligence. If one is found, the recommendation is to immediately reset admin accounts and database passwords (along with any other secrets the backup contained, such as API keys) and to enable MFA on all employee accounts.

What's more, IT teams can check the web server logs to see whether anyone downloaded the backup. They can also check admin account logs to see whether any unknown party logged in.
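The two checks above, guessing the backup URLs an attacker would try and then looking through the access log for requests to them, are straightforward to automate. The script below is an added example written for this page; it is not Sansec's or BleepingComputer's tooling. The directory and filename patterns beyond the article's "/db/staging-SITENAME.zip" are assumptions, the `example.com` hostname and the access-log lines are constructed for the demonstration, and the probe uses plain HEAD requests via the standard library.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Archive types the article reports (.zip, .sql, .tar) plus common compressed variants (assumed).
BACKUP_EXTENSIONS = ("zip", "sql", "tar", "tar.gz", "tgz", "sql.gz", "bak")
# Hypothetical directory and name patterns; "/db/staging-SITENAME.zip" is the article's own example.
BACKUP_DIRS = ("", "backup/", "backups/", "db/", "dump/")
NAME_TEMPLATES = ("{name}", "staging-{name}", "{name}-backup", "db-{name}", "backup")


def candidate_backup_paths(hostname):
    """Build the backup paths an attacker would guess from a hostname alone."""
    labels = hostname.lower().split(".")
    names = {hostname.lower()}
    if labels[0] == "www" and len(labels) > 1:
        names.add(".".join(labels[1:]))       # "example.com" from "www.example.com"
    if len(labels) >= 2:
        names.add(labels[-2])                 # "example" from "www.example.com"
    paths = set()
    for name in names:
        for template in NAME_TEMPLATES:
            stem = template.format(name=name)
            for directory in BACKUP_DIRS:
                for ext in BACKUP_EXTENSIONS:
                    paths.add(f"/{directory}{stem}.{ext}")
    return sorted(paths)


def _head_status(url):
    """Default fetcher: send a HEAD request and return the HTTP status code (None on network error)."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except urllib.error.URLError:
        return None


def find_exposed_backups(hostname, fetch=_head_status, scheme="https"):
    """Probe every candidate path on your own site; return those that answer with a 2xx status."""
    exposed = []
    for path in candidate_backup_paths(hostname):
        status = fetch(f"{scheme}://{hostname}{path}")
        if status is not None and 200 <= status < 300:
            exposed.append(path)
    return exposed


# Common/combined access-log format: client, timestamp, request line, status, response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
BACKUP_PATH_RE = re.compile(r"\.(zip|sql|tar|tar\.gz|tgz|sql\.gz|bak)$", re.I)


def analyze_log(lines):
    """Split backup-like requests into successful downloads (assume the data is gone)
    and failed probes per client IP (evidence of scanning)."""
    downloads = []
    probes = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlparse(m.group("path")).path      # drop any query string before matching
        if not BACKUP_PATH_RE.search(path):
            continue
        status = int(m.group("status"))
        size = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
        if 200 <= status < 300:
            downloads.append((m.group("ip"), path, size))
        elif status in (403, 404):
            probes[m.group("ip")] = probes.get(m.group("ip"), 0) + 1
    return downloads, probes


# Constructed sample log: one scanner tries three guesses, then hits a real backup.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2023:02:14:01 +0000] "GET /db/staging-example.zip HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2023:02:14:01 +0000] "GET /backup/example.sql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2023:02:14:02 +0000] "GET /example.tar.gz HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2023:02:14:02 +0000] "GET /backups/example-backup.sql.gz HTTP/1.1" 200 48213077 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2023:02:15:10 +0000] "GET /index.php?route=product/category HTTP/1.1" 200 9432 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    print(len(candidate_backup_paths("www.example.com")), "candidate paths")
    downloads, probes = analyze_log(SAMPLE_LOG.splitlines())
    print("downloads:", downloads)
    print("probes per IP:", probes)
```

Run `find_exposed_backups("www.yourstore.example")` against your own site only. Before trusting a hit, request a clearly nonexistent path as well: a site that answers every URL with a 200 "not found" page will make every candidate look exposed. A single 2xx entry in `downloads` from an unknown IP means the backup, and every secret inside it, must be treated as compromised.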


Via: BleepingComputer
