Unsecured databases are quickly becoming a massive data security problem. Researchers have found close to 10.5 billion pieces of consumer data left vulnerable on almost 10,000 unsecured databases across 20 countries. With the information stored in unprotected databases, cybercriminals would have to put little to no effort to access the data.
Since hacking databases can be an easy target for cybercriminals to steal data, they are becoming more frequent. Just the smallest mistake made by a database manager can lead to large amounts of intimate data to be left sitting on the internet. Virtually anyone could access these unsecured databases through publicly available websites and tools. Search engines such as Censys and Shodan assist hackers in scanning the web to view databases left open.
With the data in hand, hackers can easily cause all sorts of damage to their victims and their data. Information such as full names, logins, and addresses are most valuable to spammers and cyber criminals conducting phishing campaigns. Data could also be used to run phishing attacks that could lead to thousands of dollars in losses from selling on the dark web.
Last month, 235 million users on popular databases such as Instagram, Tik Tok, and Youtube profiles were exposed to massive data leaks. Based on collected samples, one in five records contained either a telephone number or an email address. Along with that, every record contained some or all data, including full names, profile photos, and account descriptions. The leaked data is said to have originated from a Hong-Kong registered company, Deep Social, which sells data on social media.
Unfortunately, unsecured databases are not disappearing anytime soon. It will only become more common. For organizations to protect and secure their website databases, they should deploy Zero Trust data security such as SecureCircle. Regardless of where data is stored including databases, source code repositories, or SaaS applications such as Salesforce or Workday, data needs to persistently secure.
At SecureCircle, we believe frictionless data security drives business value for our customers. End users operate without obstacles, while data is continuously secured against breaches and insider threats. Instead of relying on complex reactive measures, we simply secure data persistently in transit, at rest, and even in use.