
Misconfigured database operated by hackers found exposing almost 5GB of stolen credentials

  • The massive email spam campaign has resulted in the compromise of five million unique email credentials.
  • The campaign had occurred between March 8 and March 18, 2019.

Unprotected databases of organizations that expose sensitive data are not a new thing, but misconfigured databases of hackers leaking stolen data are! Recently, researchers have come across a massive email spam campaign that has resulted in the compromise of five million unique email credentials.

The bigger picture - Security researcher Bob Diachenko, working with Zack Whittaker of TechCrunch, found an unprotected database leaking almost 5GB of data comprising 11,535,164 records. These records primarily contained compromised email addresses and plain-text passwords belonging to UK-based users. The researchers were able to access the data because the spammers had not set a password on the database.

How was the campaign operated - The spammers behind this campaign stole the trove of data in a span of just 10 days, from March 8 to 18, 2019. Most of the targets were in the UK. The spammers ran two separate campaigns to collect the data, which were named:

  • Boost UK
  • Feed UK

The stolen credentials were found hosted on the domain ‘intelimost[.]com’, which is blacklisted by Spamhaus, an international nonprofit organization that tracks spam and related cyber threats.

What has been done - Following the discovery, the researchers contacted the hosting provider, Awknet, and asked the firm to pull the server offline. Within a few hours of being contacted, the provider routed the affected server's network traffic into a sinkhole.

A copy of the database is available on the breach notification site ‘Have I Been Pwned’.
