Millions of supposedly private links leaked online by safe link provider
Date:
Thu, 05 Dec 2024 13:00:00 +0000
Description:
A company kept an unprotected database on the internet and it ended up looted and destroyed.
FULL STORY ======================================================================The Cybernews team found a huge database belonging to Safelinking It cointained
30 million links, as well as customer data A malicious bot scraped, and destroyed it
A company that provides safe links services kept a major database with sensitive information unlocked and available to anyone who knew where to
look.
As a result, sensitive information on millions of people got leaked on the dark web, and the database ended up destroyed.
This is according to cybersecurity researchers Cybernews. In early August,
the team discovered a poorly configured and passwordless MongoDB database belonging to a company called Safelinking.net, a firm that provides password-protected links services. Ransom demanded
When someone wants to send sensitive data across the internet, they can lock the link behind a PIN, or password, using companies like Safelinking. Thus,
it is safe to assume that the data behind the link is highly sensitive in nature.
Still, Safelinking made the all-too-common error and failed to properly
secure the database, Cybernews argues. It contained 30 million private links, as well as account data on more than 150,000 users. This data includes
peoples usernames, emails, encrypted passwords with salt and API hashes, notification settings, security settings associated with the links, social media account IDs, and protected links.
Oftentimes, the researchers are first ones to find these databases, averting
a bigger catastrophe. Not this time, though. Cybernews discovered that a malicious bot beat them to the punch, pulling all the data to an attacker-controlled server, and leaving a message that the archives would be destroyed if roughly $600 in bitcoin isn't paid.
Since Safelinking didnt pay the ransom demand, the bot destroyed the
database, and its no longer publicly available.
"It's a good reminder of why it's so important to have solid security
measures in place for platforms handling this type of data, said the
Cybernews research team. Even if the platforms sometimes fail to secure
users' privacy, it's good to know basic security hygiene, like using multi-factor authentication.
Via Cybernews You might also like Mystery database containing sensitive info on 762,000 car-owners discovered by researchers Here's a list of the best firewalls today These are the best endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/millions-of-supposedly-private-links-le aked-online-by-safe-link-provider
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)