Data breaches remain one of the most common security issues for companies, judging by their frequency and the damage they cause. What’s more disappointing is that most of these occur because of rookie mistakes like using no password to secure the database.
Just a couple of days ago, Hackread.com reported exclusive information on Indonesian e-commerce giant Tokopedia being hacked and a database with personal details of 91 million users being sold online.
Now, another such case has occurred: a research team at Safety Detectives came across a leaked database belonging to Le Figaro, the oldest French newspaper, which has one of the largest circulations in the country.
Containing more than 8TB of data and about 7.4 billion records, the database was hosted on an Elasticsearch server owned by a French company named Pony Telecom.
According to a blog post published by the researchers, the leaked data included API logs for 3 months, dating from April 2020 back to February 2020, for both the desktop and mobile versions of the site. Within these logs were records of users who had registered within the aforementioned period and “pre-existing” users who had logged in during this time period.
The records of the former included both login credentials and Personally Identifiable Information (PII), whereas those of the latter contained only PII, comprising:
- Full names
- Home Addresses
- Passwords for new users, in cleartext and hashed with md5
- Countries of residence and zip code
- IP addresses
- Internal server access tokens
Example of exposed sample data:
Hackers with access to a database like Le Figaro’s could attempt billions of password combinations per second, on various platforms simultaneously. It wouldn’t take long for them to exploit the exposed PII data to gain access to private email and cloud accounts and implement further fraud schemes accordingly.
Moreover, as observed in the data record above, the researchers state, “many indices in the leak seemed connected to the AGORA system, most likely used as a CRM by the company”.
Additionally, some of this data was found to belong to the newspaper’s employees and reporters. However, this wasn’t all that was exposed. Technical logs were also present, comprising:
- SQL query errors
- Traffic between different servers
- Communication protocols
- Potential access to admin accounts
Although not of much use to a layman, these logs can be used by attackers to find vulnerable points for future attacks, as they reveal crucial details about the system itself.
In conclusion, a definite number of compromised users could not be found, but estimates point to a figure of 42000. Yet this number could be larger, considering the database had been functioning since March 2019 and may have been exposed earlier than discovered.
For the time being, the breach has been reported to Le Figaro and action may well have been taken.
With that said, the company’s focus should be on minimizing the impact of the breach and adopting good security practices in the future, which includes using reputable vendors throughout its IT infrastructure chain, something not done here, as Pony Telecom is notorious for its shady practices.
Nevertheless, they could perhaps learn from the various companies before them that were embroiled in such compromises and take heed.