Hacker Steals 31 SQL Databases (1.6 million rows of data) To Extort Online Shop Owners
Wednesday, May 27, 2020
A hacker has stolen at least 31 SQL databases containing 1,620,000 (1.6 million) rows of information relating to the customers of online shops.
The hacker is offering samples of the data which, depending on the online shop, may reveal full names, usernames, email addresses, dates of birth, physical addresses, gender, account status, history and more, from each of the extorted e-commerce websites to prove the validity of the data and ramp up the pressure that is exerted on the database owners.
Ilia Kolochenko, Founder and CEO, ImmuniWeb
We will likely see a protracted surge of new attacks targeting careless web shops.
At ImmuniWeb, we first detected a database encrypting ransomware attack in 2015.
Since then, both the number and the sophistication of such attacks has skyrocketed. Many cyber gangs now leverage Machine Learning capabilities to better and faster detect outdated web applications in the Internet. They rapidly compromise, backdoor and even patch the vulnerability in a silent and seamless manner to preclude rival hacking groups from taking over the victim’s website. In today's pandemic bolstered e-commerce sector, however, most of the newly deployed web applications are insecure and vulnerable. We will likely see a protracted surge of new attacks targeting careless web shops. Most of them are unfortunately poised to be highly successful, and costly for the victims.
To help address the spiraling web hacking activities of this kind, at ImmuniWeb we offer a free website security test to check compliance with GDPR and PCI DSS requirements and tests for over 12,000 security vulnerabilities for 200+ CMS and 150,000+ their plugins. Read Full Article
SC Media: Malicious actor holds at least 31 stolen SQL databases for ransom
SecurityWeek: Free ImmuniWeb Tool Allows Organizations to Check Dark Web Exposure