1.5 BEEELLION Sensitive Files Found Exposed Online Dwarf Pana Papers Leak
(Apr 5, 2018)
Threat Intelligence firm “Digital Shadows” detected over 1.5 billion publicly available files during the first months of 2018. The data was found to be exposed on multiple file storage systems including Amazon’s S3 buckets, File Transfer Protocol (FTP) servers, misconfigured websites, Network Attached Storage (NAT) drives, rsync, and Server Message Blocks (SMBs). The exposed data amounts to over 12 petabytes (12,000 terabytes) and consist of the following data: credit card information, intellectual property, medical records, payroll data, and tax returns.
Recommendation: Databases should not be directly accessible over, or connected to the internet. For web applications that are accessing database data, make sure all user supplied data is sanitized to prevent SQL injections. Actors can use this information to coerce more personal data from the victim. Users should also monitor their credit card statements to assist in identifying potential fraudulent activity.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.