A recent study by website security company Sansec has shed light on the alarming number of online stores that expose their private backups in public folders. According to the study, roughly 12% of online stores leave their backups in public folders, which can lead to a data breach. Anyone can access these archives without any authentication. The archives contain sensitive information, including database passwords, secret administrator URLs, internal API keys, and customer personally identifiable information (PII).
Threat actors are constantly scanning for these backups. Because backups are rich sources of passwords and other sensitive information, attackers leverage them against their owners. Sansec reports observing constant activity from attackers who launch automated scans to pinpoint these backups and perform breaches. The study reveals that threat actors try various combinations of possible backup names, chosen on the basis of the site name and public DNS data. These probes are inexpensive to run and do not affect the target store’s performance.
Administrator details stolen: Data breach
If the exposed backups contain administrator details, the consequences can be destructive. This information could include master database passwords or staff accounts. Sansec reports seeing multiple source IPs for these attacks. This indicates that threat actors are well aware of the existence of these backups and are taking advantage of the situation.
To prevent data leaks, Sansec suggests that website owners routinely check their sites for accidentally exposed data and backups. If you have exposed a website backup publicly, it is crucial to immediately reset admin accounts. Also, reset database passwords, and enable two-factor authentication (2FA) on all staff accounts. Additionally, you should check the web server logs to see whether a third party downloaded the backup. Also, check admin account activity logs to identify signs of external access and malicious behavior.
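A sketch of the web server log check recommended above, added here as an example and not taken from Sansec: it scans access logs in the Apache/nginx "combined" format for successful downloads of archive files and counts failed archive probes per source IP. The extension list, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Extensions treated as backup/archive files (an assumption; adjust to your site).
ARCHIVE_EXT = (".zip", ".tar", ".tar.gz", ".tgz", ".gz", ".bz2", ".7z", ".rar", ".sql", ".bak")

# Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def scan(lines):
    """Return (downloads, probes): served archive requests and failed-probe counts per IP."""
    downloads, probes = [], defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0].lower()  # ignore the query string
        if not path.endswith(ARCHIVE_EXT):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        if status in (200, 206) and size > 0:
            # The archive was actually served: treat its contents as disclosed.
            downloads.append((m["ts"], m["ip"], m["path"], size))
        elif status in (403, 404):
            # Guessing at backup names that do not exist (or are blocked).
            probes[m["ip"]] += 1
    return downloads, dict(probes)

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '198.51.100.7 - - [10/Feb/2023:03:12:01 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Feb/2023:03:12:02 +0000] "GET /examplestore.tar.gz HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Feb/2023:03:12:09 +0000] "GET /examplestore.sql HTTP/1.1" 200 48211934 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Feb/2023:03:13:00 +0000] "GET /media/catalog/a.jpg HTTP/1.1" 200 20411 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [10/Feb/2023:03:14:30 +0000] "GET /www.zip?x=1 HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    downloads, probes = scan(SAMPLE)
    for ts, ip, path, size in downloads:
        print(f"DOWNLOADED {path} ({size} bytes) by {ip} at {ts}")
    for ip, count in sorted(probes.items()):
        print(f"probing: {ip} made {count} failed archive requests")
```

Any entry in the downloads list means the credential resets described above apply; the probe counts only show which sources were guessing at file names.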
Sansec also suggests that website administrators configure the web server to restrict access to archive files if they are not needed in daily operations. This will help to prevent data leaks and minimize the risk of breaches. Additionally, those using the Adobe Commerce platform should use the “immutable storage” feature to ensure that their backups are stored securely.