The cyber security researchers at Website Planet published a report on discovering an unprotected database containing a trove of data. The exposed server, which belonged to a global online retailer, was identified twice between April and July 2022.
According to Website Planet and security researcher Jeremiah Fowler, the first time the server was found was in April 2022. What’s worse, even after several responsible disclosure attempts, they didn’t receive any response from the company, and the unprotected database remained open to public access for several days post-discovery.
In July 2022, they discovered the same database hosted on a different IP address. Again, they didn’t receive any response from the owner, but the exposed AWS server was secured quickly.
However, a probe revealed the database was exposed due to a misconfiguration caused by the server’s owner or the company responsible for managing its IT infrastructure; the exposure was not the fault of Amazon Web Services.
During the first exposure in April, the database contained 706,206,770 documents (406.79GB in size), and the second time in July, it contained 1,166,293,742 documents (601.84GB).
Who Owns the Database?
According to Fowler, the database had several references to Vevor, an online retailer based in California. However, Crunchbase claims that although the company is registered in the US, its website suggests it is based in China, boasting more than ten million customers across 200 countries/regions.
The brand deals in tools and equipment and offers DIYers and professionals advanced tools and equipment at low rates.
Contents of the Database
The content of the database was marked as Production. It contained PII and other sensitive data related to the company’s online operations. For instance, the data contained customer details, including first and last names, transaction IDs, partial credit card numbers, refund info, etc.
The checkout and payment records were also part of the database. This included names, currency, home addresses, email IDs, etc. It is worth noting that the data was stored both in hashed and plain text formats.
The email addresses were part of around seven folders named email-API. There were, in total, 8.1 million records (approx. 31.64GB). A limited sample of 10,000 records was evaluated, and 2,559 email IDs were declared unique.
Conversely, 12.9 million records were contained in folders titled Members. Researchers found that all records didn’t have customer names in plain text. There were records with various Localized Domains, including .com, .ca, .de, .it, .uk, .es, .fr, and .au.
Also part of the database were error messages in Chinese and internal images and documents hosted on amazonaws.com.cn. Furthermore, there were internal Vevor account admin names and plaintext passwords, active password reset links, credit card numbers (partial), and references to tax and passport numbers.
“IP addresses, Ports, Pathways, middleware, and storage info that cybercriminals could exploit to access systems or services. Overall, the exposure provided a complete look at Vevor’s operating structure, logging, monitoring and error records, and more. Configuration information that could be used to penetrate deeper in the network,” Website Planet’s blog post revealed.
At the time of writing, the server had been either secured or taken down. The good news is that it is no longer available for public access.
Dangers of a misconfigured server
Databases are a crucial part of modern technology, used to store and manage important data. However, if these databases are not properly configured, they can become a massive security flaw that can leave your personal or business information vulnerable to attack.
A misconfigured database can open the door for hackers and other malicious outsiders to access confidential information without authorization. The risks associated with an improperly configured or misconfigured database are numerous and should be taken seriously.
If you leave key ports open on your server or fail to update software regularly, hackers could gain unauthorized access to sensitive information such as usernames, passwords, credit card numbers, social security numbers, and more.
Additionally, they could manipulate stored data or even delete valuable records entirely – making it vital that proper measures are taken to ensure a secure system environment.