Over 12% of analyzed online stores expose private data, backups

Orchid

Level 1
Thread author
Jan 27, 2023
44
Many online stores are exposing private backups in public folders, including internal account passwords, which can be leveraged to take over the e-commerce sites and extort owners. According to a study by website security company Sansec, roughly 12% of online stores forget their backups in public folders due to human error or negligence. The study examined 2,037 stores of various sizes and found that 250 (12.3%) exposed ZIP, SQL, and TAR archives on public web folders that can be freely accessed without requiring authentication. The archives appear to be backups containing database passwords, secret administrator URLs, internal API keys, and customer PII (personally identifiable information).

I find this disturbing. However, the article and the Sansec report (I will like below) don't say which online stores are affected. I would assume most online stores (reliable and unknown) are having this privacy problem.

News Article:
Over 12% of analyzed online stores expose private data, backups

Sansec Report
Sansec analysis: 12% of online stores leak private backups
 
  • +Reputation
Reactions: Gandalf_The_Grey
F

ForgottenSeer 98186

I find this disturbing. However, the article and the Sansec report (I will like below) don't say which online stores are affected. I would assume most online stores (reliable and unknown) are having this privacy problem.

News Article:
Over 12% of analyzed online stores expose private data, backups

Sansec Report
Sansec analysis: 12% of online stores leak private backups
The way it works after the type of scan mentioned in the linked article is an attacker goes to the website (URL) and then uses a utility to perform what is called "directory busting." This is a technique that uses the front page of the website directly to enumerate the hidden directories in the website. All websites have hidden directories that can be enumerated from within the browser. If one of those directories does not have correctly configured permissions (for example a backup or customer data files), then the attacker can access the directory and its contents.

If the website is using unpatched modules or components, then the attacker might be able to access directories and files which they would normally not be able to access through a path or directory traversal exploit. Dependent upon the type of exploit they can even gain root privileges and have access to the entire server (and network).

Of course, the whole point of the article is if an attacker obtains a backup that has administrator passwords, the attacker can just walk in.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top