If there is one thing that the ongoing cybersecurity crisis in the U.S. has taught us, it is how vulnerable our digital advancements have made us. Our more or less complete reliance on digital tools has given threat actors a huge number of openings, which they are exploiting for fun these days. The pushback by the American government in response to these attacks didn’t yield any positives, as the hackers continue to run riot against the country’s infrastructure. Nevertheless, these hackers cannot be held entirely responsible for this destruction. A good chunk of these mishaps happened because of the victims’ own carelessness, and we now have our latest entrant into the category. As per the initial reports that have emerged, a misconfigured cloud database resulted in the breach of over 800 million records that were linked to the users of the popular blogging platform WordPress.
Security researcher Jeremiah Fowler gave everyone an insight into the situation by revealing that the trove of data in question was just casually left online by US-based hosting provider DreamHost, with no password protection whatsoever. The breached 814 million records reportedly date back to 2018. If several claims are to be believed, then the leaked database included sensitive information like WordPress login location URLs, names, email addresses, roles, usernames, host IP addresses, timestamps, and configuration and security information. It’s being asserted that the leaked data also had information about important government agencies, which makes it an even graver issue.
Adding to the concern, there is lingering doubt over how long the data remained exposed. If it was long enough, then this fiasco could very well inspire another spree of phishing attacks. With ransomware attacks already rampant in the country, cybersecurity agencies are keeping a watchful eye on the affected users. The leaking of domain registration and renewal information has given cybercriminals a perfect base to perform financial fraud on a gigantic scale, so an uphill battle of defusing such attempts now awaits the cybersecurity department.
“Here, a cyber-criminal could manipulate the customer using social engineering techniques to provide billing or payment information to renew the hosting or domain registration,” Fowler said in his assessment of the potential threat.