


Hackers Are Selling More Than 85,000 MySQL Databases On a Dark Web Portal (zdnet.com)
An anonymous Slashdot reader writes:
For the past year, hackers have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back. If database owners don't respond and ransom their data back in nine days, the databases are then put up on auction on a dark web portal.
"More than 85,000 MySQL databases are currently on sale on a dark web portal for a price of only $550/database," reports ZDNet: This suggests that both the DB intrusions and the ransom/auction web pages are automated and that attackers don't analyze the hacked databases for data that could contain a higher concentration of personal or financial information. Signs of these ransom attacks have been piling up over the course of 2020, with the number of complaints from server owners finding the ransom note inside their databases popping up on Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.
Notes inside their Databases (Score:2)
Seriously, though. (Score:4, Insightful)
Re: (Score:2)
The companies with compromised data didn't fail to listen to their security professionals. They didn't have security professionals. Why would they hire an expert, pay them a salary, and then ignore them? The story behind these ransoms is almost always the clueless leading the blind.
Re: (Score:3)
and for remote read only where is the ransom note? (Score:2)
and for remote read only where is the ransom note?
Re: (Score:2)
Would be funny if some hacker (Score:3)
Re: (Score:1)
This article actually has me thinking about building some honeypots exposing databases with tantalizing names, of staggering size, and containing utterly useless, weakly-encrypted data. I'd get a serious case of the giggles every time I thought about the end buyer spending the time and resources needed to decrypt something like the 1961 Sears Roebuck catalog.
Re: (Score:2)
Re: (Score:2)
databases with tantalizing names
CIAmolesInRussia.db
IranianCentrifugeLocations.db
DonaldsLittleBlackBook.db
SlovenianSupermodelNudes.db
MoscowHotelRoomUrinePhotos.db
NASAfakeMoonLanding1969.db
BidensPlanToStealTheElection.db
Who's leaving these things exposed? (Score:1)
Are you seriously telling me that here we are, 2020, and folks are still leaving critical services exposed to unsecured networks unnecessarily? Why? Nowadays you'd have to go out of your way to open those ports up, so what are people trying to accomplish?
Re:Who's leaving these things exposed? (Score:4, Insightful)
Are you seriously telling me that here we are, 2020, and folks are still leaving critical services exposed to unsecured networks unnecessarily? Why? Nowadays you'd have to go out of your way to open those ports up, so what are people trying to accomplish?
Probably the outsourcing vendor they replaced all the DB employees with. If you want your DB services "secured" it costs extra.
Re: (Score:2)
Probably the outsourcing vendor they replaced all the DB employees with. If you want your DB services "secured" it costs extra.
That may be one factor. But a lot of this is simply people with no clue what they are doing combined with significant arrogance. Just think of all the unsecured S3 buckets, for example. If you have a minimal clue how things work, you make very sure it is protected, and then you test it. Funny thing, one of the most secure (while working perfectly fine) firewall configs I have so far analyzed was by a guy that was actually a printer and that said he had only a minimal clue. But this person did read up on stu
Re: (Score:2)
Most people that work on, or in a printing press process are rather 3-D smart. I met a guy that made a specific mathematical formula/model to account for the diameter of roll while printing and the speed adjustment needed. These guys read manuals all the time to make sure the press runs correctly. So I am not surprised about the firewall setting being tight as can be for what the guy could understand and operate.
Re: (Score:2)
That sounds like a good explanation. This guy really impressed me and he did a lot better than many computer engineers and CS types in other companies that should really have known better.
Re: (Score:2)
I set up a friend's print shop network back in the 80s (Novell networks), simple, nothing fancy. I just watched these guys and women run the press machines with some real analog grace and style, and you could see that they had a checklist for running the entire operation run.
They used kitchen timers to know when to check certain things and simple experience solutions.
It stuck with me for my lifetime.
Can I Has A Free Database? (Score:2)
Oh Goody! I found a Yellow Pages. Look at all these addresses and names. This must be illegal as hell to have!!
Porn? (Score:3)
Any good porn databases? Volume discounts available?
Asking for a friend.
Re: (Score:2)
Just curious, is your friend Mike in accounting? Because he just asked me to post the same thing.
Ransom? (Score:2)
Hmmm. Pay $1,000,000.00 to some hacker for your database. Or. Log in to the dark web, search, and pay $550.00. Tough choice.
[John]
Real data or fake data? (Score:2)