Approximately one in eight online stores expose backups that reveal confidential information

Many online stores are leaving their private backups in public folders, which can be used to take control of the e-commerce sites and extort owners. According to a study by website security company Sansec, around 12% of online stores are making this mistake due to human error or negligence. The study looked at 2,037 stores of different sizes and found that 250 of them had ZIP, SQL, and TAR archives in public web folders that could be accessed without authentication. These archives contained database passwords, secret administrator URLs, internal API keys, and customer PII.

Sansec's report also states that attackers are constantly scanning for these backups, as they contain passwords and other sensitive information. Exposed secrets have been used to gain control of stores, extort merchants, and intercept customer payments. Attackers use various combinations of possible backup names based on the site name and public DNS data, such as /db/staging-SITENAME.zip. These probes are inexpensive and do not affect the target store's performance, so attackers can conduct them for extended periods of time until they find a backup.

Sansec recommends that website owners regularly check their sites for accidentally exposed data and backups. If a website backup has been exposed, it is important to reset admin accounts and database passwords, and enable 2FA on all staff accounts. Additionally, web server logs should be checked to see if the backup was downloaded by a third party, and admin account activity logs should be checked for signs of external access and malicious behavior. Sansec suggests that website administrators configure the web server to restrict access to archive files if they are not needed in daily operations, to prevent data leaks. Those using the Adobe Commerce platform should use the Immutable storage feature.
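The web server log check recommended above, as an added example (not from Sansec or the original article): it scans access-log lines for requests to archive files and separates served downloads from requests that returned no file content. The Combined Log Format, the compressed extensions beyond ZIP/SQL/TAR, and the sample log lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Archive types named in the Sansec study (ZIP, SQL, TAR), plus compressed
# variants of them; the compressed variants are an assumption of this example.
ARCHIVE_RE = re.compile(r"\.(zip|sql|tar|tgz|tar\.gz|sql\.gz)$", re.IGNORECASE)

# Combined Log Format: ip - user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def review_archive_requests(lines):
    """Return (downloads, probes) for requests whose path ends in an archive extension.

    downloads: list of dicts for requests answered 200/206 with a non-empty body.
    probes: {client_ip: count} of archive requests that returned no file content.
    """
    downloads, probes = [], defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        path = m["target"].split("?", 1)[0]  # ignore any query string
        if not ARCHIVE_RE.search(path):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        if m["status"] in ("200", "206") and size > 0:
            downloads.append({"ip": m["ip"], "time": m["time"], "path": path, "bytes": size})
        else:
            probes[m["ip"]] += 1
    return downloads, dict(probes)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Feb/2023:10:01:02 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "curl/7.88"',
    '198.51.100.7 - - [07/Feb/2023:10:01:03 +0000] "GET /db/staging-SITENAME.zip HTTP/1.1" 200 48211934 "-" "curl/7.88"',
    '198.51.100.7 - - [07/Feb/2023:10:01:04 +0000] "GET /dump.sql?x=1 HTTP/1.1" 403 0 "-" "curl/7.88"',
    '203.0.113.20 - - [07/Feb/2023:10:05:00 +0000] "GET /checkout/cart HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Feb/2023:11:00:00 +0000] "HEAD /site.tar.gz HTTP/1.1" 200 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, probing = review_archive_requests(SAMPLE_LOG)
    for h in hits:
        print("DOWNLOADED:", h)
    print("probes per client:", probing)
```

Any entry in the downloads list means the archive left the server and the credential resets described above apply; a HEAD request answered with 200 is counted as a probe here, but it also shows that the file exists in the web root.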

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 07 Feb 2023 18:58:02 +0000

