Many online stores are leaving their private backups in public folders, which can be used to take control of the e-commerce sites and extort owners. According to a study by website security company Sansec, around 12% of online stores are making this mistake due to human error or negligence. The study looked at 2,037 stores of different sizes and found that 250 of them had ZIP, SQL, and TAR archives in public web folders that could be accessed without authentication. These archives contained database passwords, secret administrator URLs, internal API keys, and customer PII.

Sansec's report also states that attackers are constantly scanning for these backups, as they contain passwords and other sensitive information. Exposed secrets have been used to gain control of stores, extort merchants, and intercept customer payments. Attackers try various combinations of possible backup names derived from the site name and public DNS data, such as /db/staging-SITENAME.zip. These probes are inexpensive and do not affect the target store's performance, so attackers can keep running them for extended periods until they find a backup.

Sansec recommends that website owners regularly check their sites for accidentally exposed data and backups. If a website backup has been exposed, it is important to reset admin accounts and database passwords, and to enable 2FA on all staff accounts. Additionally, web server logs should be checked to see whether the backup was downloaded by a third party, and admin account activity logs should be checked for signs of external access and malicious behavior. Sansec suggests that website administrators configure the web server to restrict access to archive files if they are not needed in daily operations, to prevent data leaks. Those using the Adobe Commerce platform should use the Immutable storage feature.
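The log review Sansec recommends, as an added illustration that is not part of the original article or of Sansec's tooling: the script below parses web server access log lines in the common "combined" format, reports any archive file (ZIP, SQL, TAR and similar) that was actually served with a 200 status, and flags client IPs that repeatedly requested archive paths that did not exist, which is what the name-guessing probes described above look like in a log. The log lines and IP addresses are constructed sample data; the `probe_threshold` parameter is an assumption, not a figure from the report.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache/nginx "combined" format); not from any real server.
# The first IP guesses three backup names, gets 404s, then finds a real archive and downloads it.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Feb/2023:10:01:02 +0000] "GET /db/staging-example-store.zip HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Feb/2023:10:01:03 +0000] "GET /backup.sql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Feb/2023:10:01:04 +0000] "GET /example-store.tar.gz HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Feb/2023:10:01:05 +0000] "GET /db/example-store.zip HTTP/1.1" 200 48213422 "-" "Mozilla/5.0"
198.51.100.4 - - [07/Feb/2023:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [07/Feb/2023:10:02:01 +0000] "GET /media/catalog/product.jpg HTTP/1.1" 200 22000 "-" "Mozilla/5.0"
"""

# Fields we need from a combined-format line: client IP, request path, status and response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Archive extensions that should never be served from a public web folder.
ARCHIVE_RE = re.compile(r'\.(zip|sql|tar|tgz|gz|bak)$', re.IGNORECASE)


def analyze(log_text, probe_threshold=3):
    """Return (downloads, probers).

    downloads: list of (ip, path, bytes) for archive requests answered with 200,
               i.e. a backup that was actually handed out.
    probers:   {ip: count} for clients that requested at least probe_threshold
               archive paths that were not served (404 and other non-200 answers).
    """
    downloads = []
    misses = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than crash on a mixed log
        path = m.group("path").split("?", 1)[0]  # ignore query strings
        if not ARCHIVE_RE.search(path):
            continue
        if int(m.group("status")) == 200:
            size = m.group("size")
            downloads.append((m.group("ip"), path, int(size) if size.isdigit() else 0))
        else:
            misses[m.group("ip")] += 1
    probers = {ip: n for ip, n in misses.items() if n >= probe_threshold}
    return downloads, probers


if __name__ == "__main__":
    served, scanners = analyze(SAMPLE_LOG)
    for ip, path, size in served:
        print(f"ARCHIVE SERVED: {path} ({size} bytes) to {ip}")
    for ip, n in scanners.items():
        print(f"PROBING CLIENT: {ip} requested {n} non-existent archive paths")
```

A served archive is the signal to start the password resets and admin-activity review described above; a probing client with no served archive still confirms the scanning is happening and that the archive-blocking web server rule is worth adding.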
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 07 Feb 2023 18:58:02 +0000