Scientists have found that thousands of computers and other devices connected to the Internet, unintentionally or purposefully, provide access to millions of files with potentially sensitive information. This data can be used in various ways, according to an analysis by Censys published September 27.
Researchers scanned the Internet and identified about 314,000 separate devices and web servers with open directories. As a result, “one of the most complete databases of all open catalogs on the Internet was created.”
The analysis showed that hundreds of devices contain backup copies of databases, as well as files with spreadsheet extensions. More than 9,000 of them are associated with financial information, and thousands of other files may contain authentication data, network data and much more.
Censys researchers emphasized that they did not look at the contents of the files, but only tried to convey an urgent problem to the public. They said: “These data indicate that the Internet has a potential ‘gold core’ of information related to the databases that attackers can use to operate vulnerabilities.”
This phenomenon is not new, experts noted. However, most of the discovered data was created or changed in 2023, which suggests that the problem is still relevant, despite the efforts of companies to improve security.
Directories through which files can be accessed are usually closed to public access; however, due to configuration errors, they sometimes become public. For some, searching for such directories has been a hobby, but the leakage of information from them can lead to serious consequences.
For example, due to an incorrect configuration in March of this year, data on about 56 thousand residents of Washington was published, including senior officials. In another case, due to the actions of attackers, the personal data of over 550 thousand users of an American weapon sale site ended up in the public domain.
Silas Cutler, a security researcher from Stairwell, recalled a quote from Forrest Gump and paraphrased it slightly: “Open web catalogs are like a box of sweets, sometimes it is a storage of Linux images, and sometimes it is a threat subject that made a mistake in storing data”, referring to his recent report, which described in detail the data found on an unprotected server used to deploy the Akira ransomware.