India’s Vijay Sales Leaks Private Information through Exposed Amazon Backup Server
March 20, 2020 • RBS
Modern companies use various strategies to thwart the persistent attempts of hackers. However, in many cases sensitive data is exposed not by an offensive measure but by a simple misconfiguration.
Open Season on Misconfigured Databases
Misconfigured databases have played a consistent role in the increasing number of records exposed. Risk Based Security has written and published research about the practice of targeting open, unsecured databases to either steal data or hold it for ransom since 2016, yet we still see organizations unwittingly provide malicious actors with a trove of personal data.
On March 2nd, 2020, a notorious threat actor posted a leaked Vijay Sales database on a popular dark web hacker forum. Vijay Sales is a large electronics retail store chain in India; nearly two hundred thousand users were affected in the leak. The threat actor claimed the source was an “exposed backup server” breached in February 2020.
The user records included names, email addresses, passwords, phone numbers, and device information. In addition, a total of 90 files were found that also included thousands of customer service records, detailed store and personnel information, business operations information, and numerous administrative accounts that contained usernames, email addresses, passwords, verification codes, and roles.
In the same week, a different threat actor posted another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contained users’ names, email addresses, and passwords as well as the company’s social media keys and company information.
Small Mistakes Add Up
Not only are exposed cloud servers a quick and easy data exfiltration target for hackers, but they can also include sensitive company information and expose much more than just user credentials. These exposed details certainly increase the company’s vulnerability in the future.
The misconfiguration of databases often results from human error, and these mistakes add up. In our recent 2019 Year End Data Breach QuickView Report, we highlighted that just four breaches in 2019 resulted in the exposure of 6.7 billion records. All four of these events were caused by open, misconfigured databases that were publicly available.
Numerous exposed servers are shared on hacker forums daily, whether through portal access or pre-downloaded databases, with most of them having unattributed sources. While it is imperative to defend against offensive measures by hackers, it is just as important to not give away that data yourself.