DreamHost massive database hoard not even password-protected:
Security expert Jeremiah Fowler reports that hosting provider DreamHost left a huge cloud database completely unprotected, with no password protection on the online trove.
DreamHost is a Los Angeles-based web hosting provider and domain name registrar.
The security researcher noted that he came across 814 million records linked to WordPress, with data dating back as far as 2018.
The exposed database totaled about 86GB and included admin and user information: WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information.
Reportedly, the database was also found to have exposed user data relating to .gov and .edu email addresses.
Addressing the matter:
The issue was resolved hours after the exposure of its WordPress records was reported to DreamHost.
DreamHost claimed the data only contained “performance metrics of a small number of our customers’ sites.” “It was available for approximately 12 hours before being removed,” a DreamHost spokesperson said. “During this time we believe this database was accessed by a single internet user – a security researcher who had been scanning our IP space. He alerted us to the finding as we were already in the process of taking it down.
“This database did not contain personally identifying information of DreamHost customers as defined by a variety of statutes in jurisdictions in which we operate, nor did it contain any user passwords (encrypted or otherwise).” After publication, DreamHost issued a post stating that the leaked data was only linked to 21 websites.
Critical potential threats:
It remains unclear how long such a huge trove of cloud-based WordPress data may have been exposed, which leaves the affected users at risk of attacks such as phishing.
Malicious actors probing for exposed databases like this have in the past also stolen and ransomed the information contained within.
Fowler also pointed to the database’s record of “actions” such as domain registrations and renewals.
“These could potentially give an estimated timeline of when the next payment was due and the bad guys could try to spoof an invoice or create a man-in-the-middle attack,” he argued. “Here, a cyber-criminal could manipulate the customer using social engineering techniques to provide billing or payment information to renew the hosting or domain registration.”