An unnamed security researcher has discovered an insecure database of nearly 10,000,000 records with more than 10 billion records accessible to anyone online.
Password manager NordPass (part of the NordVPN security brand) claims that the Internet is "swirling with exposed databases" after researchers with whom it has worked over the past year discovered 9,517 exposed databases containing 10,431,304,898 data entries. Among them were personal information such as e-mail addresses, phone numbers, account logins, etc.
These unsecured databases are located in 20 countries around the world, with China having the most unsecured online databases.
The country with the second largest number of unsecured databases is the United States, with almost 3,000 databases, exposing 23 billion data entries.
India is third, with about 520 unsecured databases, and about 4,878,723 data entries could have been freely accessed on the Internet.
The rest of the top 10 countries on the NordPass list of public databases are Germany (361 databases), Singapore (355 databases), France (247 databases), South Africa (239 databases), the Netherlands (149 databases), Russia (148 databases), and the United Kingdom (140 databases).
Tom's Guide could not confirm these numbers. NordPass did not provide information on how many of these 10 billion records may have contained sensitive information such as passwords, or how many of the publicly available passwords were encrypted.
The security researcher is not named; NordPass describes the researcher only as a "white hat hacker" who "wished to remain anonymous".
The researchers conducted their research over a one-year period from June 2019 to June 2020, so it is possible that some of the publicly available databases cited have since been protected or taken offline.
NordPass explained that "some of this data is useless and may only be used for testing," but warned that "much of it could be damaging if exposed".
The company noted that many of the largest data breaches in the past year involved insecure databases. The company stated in a media release: "For example, millions of Facebook records were exposed on Amazon's public servers.
"In another incident, 80 million US households' information was leaked from an unsecured database. The data included the victim's address, income, and marital status. A US rehab clinic also suffered a data breach, exposing the personal information of approximately 150,000 patients."
What is particularly worrisome about insecure databases is that they can be easily accessed over the Internet and subsequently misused by threat actors.
NordPass says: "While the idea of searching exposed databases may seem complicated, the process itself is quite simple. Search engines like [Censys and Shodan] are constantly scanning the web and anyone can see the exposed databases with just a few clicks. If the database administrator uses the default login, getting into the database is a piece of cake."
Jake Moore, a security specialist at ESET, told Tom's Guide that there are a few simple steps one can take to protect oneself from a data breach.
"This is a new reminder not to reuse passwords because you can't be sure your data will stay safe forever," Moore said.
"The first step is to download a reputable password manager and throw away all of your reused passwords.
"Once you incorporate this into your daily routine, supplement it with two-factor authentication (2FA), so that if your password is compromised, your account will be more strongly protected. 2FA can be found in many apps and account settings and is very easy to set up."