It was in the september news that the personal details of millions of Ecuadorians lay on the street. They were found in a non-secure server, the Ecuadorian company’s Data. The server was like this in Germany.
The details are different each time, however, researchers and hackers to find a regular to sensitive data in a database that is unsecured and accessible to the public. How can that be, really? Why are there so many databases, so-easy-to-see?
it’s a server or a database in the public domain, is really only that: it can be seen from the open web, where anyone can access it if you have the correct log-in information.
If a company does not have a password, or any other inlogbeveiliging the web site? We say that a non-secure database. A non-secure database and do not even need to be hacked to be a lucky visitor walked in.
the Servers are leaking and sometimes the data
you can find It on the public database does not have to be as complicated as it may seem. There are even specialized search engines that are specific databases for your search.
It’s not just in the traditional way as we know it from Google. Users can also write programs that make up the content of these search engines are search for some of the servers that are accessible to the public.
Cybersecurityonderzoekers, such as the team behind the site vpnMentor regularly scan internet ports to find vulnerabilities, and be open to input. In this way, they are trying to find out if a server in a data leak.
“an attacker may have as a server is just as easy to find as we have,” writes a spokesperson for the research team of the vpnMentor. “It may be that data, and then to steal or manipulate at will.”
the type of data breaches were in the past few years, is regularly in the news. “We have had more unprotected servers this year than before,” wrote the spokesperson. “But we have the numbers yet to analyze.”
How can it be that a server that is unprotected is available online?
“I Often install people to a database that is under the assumption that no-one else can access it,” said the spokesman. “But if you don’t have the right settings are used, they may be able to do.”
There is, however, more often it is spoken about the “bad set” of servers. In such a case, it is referring to the writer, is not only just secure data, but it can also mean that the owner of the server, not all security features are included.
this can occur, for example, because it’s time to do something about it, or because he is not sure that the update system to a standstill. In this case, it could allow an attacker to come in through vulnerabilities in the latest versions already have a poem of his.
in addition think about a lot of companies don’t properly think about who has access to the data, according to vpnMentor. “Such a policy you have to enforce them.” That’s also true for legacy databases: there are too many companies that are laying around on the internet, and they can no longer be used.
The bottom line? “Never let it be a database, where login details are required to be open to the experience.”
Abuse is increasing
The FBI does come up with a creative new way to exploit a database at the federal police office, advises companies to give fake data to the servers. The reason for this? Hackers are in reality, according to Ars Technica.
This kind of technology will, in the coming period of time will only become more important. The number of data breaches in the first three quarters of 2019, with a 33 per cent increase compared to the same period in the previous year, according to research conducted by Risk Based Security. Of the 7.9 billion pieces of data were stolen, it was approximately 6 billion, due to a bad set of databases, backup and it services”.
