A research conducted by NordVPN’s NordPass password manager reveals more than nine thousand unsecured databases across 20 countries can be attacked effortlessly.
According to NordPass password manager’s research, a total of 9,517 unsecured databases ensuing more than ten billion (10,463,315,645) records have been exposed online for public access without any security authentication.
These databases contain details such as email, names, passwords, and phone numbers. In total, 51% of the databases were exposed on Elasticsearch while 49% on MongoDB, NordPass told Hackread.com.
1: 3794 unsecured databases are from China
The research mentions that the unsecured databases span across twenty countries with China topping the list with 3794 exposed entries. This is in fact distressing as this insinuates a whopping 2.6 billion users are vulnerable to data and privacy breach.
2: 3000 unsecured databases are from the US
The second on the list is the United States with almost 3000 unprotected databases and more than 2 billion entries exposed.
3: 520 unsecured databases are from India
India is next on the list with 520 unsecured databases with almost five million entries. Other countries in the top ten include Germany, Singapore, France, South Africa, The Netherlands, Russia, and the United Kingdom.
Full list of top 20 countries with most unsecured databases:
Although some of the data might be redundant or only be used for testing purposes, much of it can be exploited, noted the company.
Furthermore, identifying unsecured databases isn’t a big deal as it seems. With only a few taps, search engines like Shodan or Censys can constantly scan the internet and open databases with default logins effortlessly.
According to Chad Hammond, a security expert at NordPass,
“In fact, with proper equipment, you could easily scan the whole internet on your own in just 40 minutes.”
Only recently, Hong Kong-based UFO VPN despite claiming to have a zero logs policy had their database exposed for threat attackers to access. The database contained user logs and other sensitive data.
What’s noteworthy is that before UFO VPN could take any pertinent action to secure their database, attackers took the initiative and wiped clean the entire database dubbing it as “Meow.”
At the same time, Meow attack has also targeted one of the biggest payment platforms in Africa as well. Regarding this, Hammond adds:
“The Meow attack against unsecured databases should only reinforce the need for proper data security. And while some of the affected databases only contained testing data, the Meow attack targeted some high-level victims, among which was one of the biggest payment platforms in Africa.”
However, the eye-opening details revealed make one thing very clear, that is, every company, entity, or developer should conform to extra security and never leave a database exposed. Besides this, Encryption with robust algorithms are pertinent for data protection and also secures sensitive data.
On the users’ part, strong and lengthy passwords can help secure your information. If your passwords are easy to decipher than no firewall in the world can protect your confidential or sensitive information from attackers.