30 million worth of WordPress user’s data was reportedly leaked by a top cloud accounting company. A Canadian cloud unicorn firm has just recently left a database unattended to.
WordPress User’s Data Leaked
Canadian unicorn cloud computing software, FreshBooks reportedly kept an Amazon Web Services (AWS) storage bucket holding important employee information on the internet unprotected and available to just about anyone who knows where to look, according to experts.
And as a result of that, over 30 million of its users in over 160 countries all over the globe were put at risk of identity theft and other forms of cybercrime. The sad alert was issued by the Cybernews research team, which initially found the database in the latter parts of January.
Content of the Leak
On an initial assessment, it held storage images and metadata of its blog, but further analysis however discovered backups of the source code of the website, as well as site information, configurations, and login data for 121 users of WordPress. The login data such as usernames, email addresses, and hash passwords all belonged to the administrators of the site. They were hashed making use of an “easily crackable” MD5/phpass hashing framework, the researchers stated, thus suggesting that obtaining the information in plaintext was relatively very easy.
The Effect and Implication of the Leak
With this information in particular, the Cybernews team stated that threat actors could have gotten access to the backend of the website and then made unauthorized changes to its original contents. They could have easily analyzed the source code, and then understood how the website operated, and then got to found other vulnerabilities in the process to sell or even exploit. A 2019 server backup in fact held “at least five” vulnerable plugins that were then installed on the website at the time of the report, the researchers found.
And in a more dangerous scene, they also could have installed malicious software and then moved laterally all around the network and then stolen sensitive data in the process.
What Researchers Have To Say about the Reported Leak
There is a caveat in regards to exploiting the vulnerability, although: “The website’s login page to the admin panel was secured and not publicly accessible,” the researchers further explained. “However, attackers could still bypass this security measure by connecting to the same network as the website or finding and exploiting a vulnerable WordPress plugin.”
MORE RELATED POSTS