Jump to content
  • Over 12% of analyzed online stores expose private data, backups

    alf9872000

    • 528 views
    • 3 minutes
     Share


    • 528 views
    • 3 minutes

    Many online stores are exposing private backups in public folders, including internal account passwords, which can be leveraged to take over the e-commerce sites and extort owners.

     

    According to a study by website security company Sansec, roughly 12% of online stores forget their backups in public folders due to human error or negligence.

     

    The study examined 2,037 stores of various sizes and found that 250 (12.3%) exposed ZIP, SQL, and TAR archives on public web folders that can be freely accessed without requiring authentication.

     

    The archives appear to be backups containing database passwords, secret administrator URLs, internal API keys, and customer PII (personally identifiable information).

     

    backups.png

    Publicly exposed backups found by Sansec

     

    In the same report, Sansec explains that its analysts observe constant activity from attackers who launch automated scans trying to pinpoint these backups and perform breaches.

     

    “Online criminals are actively scanning for these backups, as they contain passwords and other sensitive information,” reads the Sansec report.

     

    “Exposed secrets have been used to gain control of stores, extort merchants and intercept customer payments.”

     

    Threat actors try out various combinations of possible backup names on target sites based on the site name and public DNS data, such as “/db/staging-SITENAME.zip.”

     

    Because these probes are inexpensive to run and do not affect the target store’s performance, threat actors can conduct them for entire weeks until they find a backup.

     

    Sansec reports seeing multiple source IPs for these attacks, so threat actors are well aware of the existence of exposed backups, and many of them are attempting to take advantage.

     

    If the exposed backups contain administrator details, master database passwords, or staff accounts, the attackers can use them to gain access to the site and steal data or perform destructive attacks.

     

    probing.png

    Probing activity captured by Sansec

    Check your sites!

    Sansec urges website owners to routinely check their sites for accidentally exposed data and backup.

     

    If you have exposed a website backup publicly, immediately reset admin accounts and database passwords, and enable 2FA on all staff accounts.

     

    Additionally, check the web server logs to see if the backup was downloaded by a third party, and check admin account activity logs to identify signs of external access and malicious behavior.

     

    Sansec suggests that website administrators configure the webserver to restrict access to archive files if not needed in daily operations to prevent data leaks. 

     

    Additionally, those using the Adobe Commerce platform should use the “immutable storage” feature.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...