Unsecured honeypot database witnesses 18 attacks per day on average



If you leave a database unsecured on the web, how long does it take hackers to find and steal it?


Comparitech’s security research team regularly uncovers unsecured or misconfigured servers that leak sensitive user data on the web. In a typical scenario, unauthorized third parties can find, access, and even modify the data that organizations have left exposed without a password or any other authentication, putting user privacy and security at risk.


Although we do our best to quickly alert whoever is responsible for exposures we find, the data often sits exposed and vulnerable for anywhere from a few hours up to a few weeks while we hunt down the owner and wait for a response.


Time is of the essence in these situations. We wanted to find out how fast data can be compromised if left unsecured.


So, we set up a honeypot.


Our research team, headed by cybersecurity expert Bob Diachenko, created a simulation of a database on an Elasticsearch instance—a type of cloud server in which data is often stored—and put fake user data inside of it. Then we left it publicly exposed to see who would connect to it and how they would try to steal, scrape, or destroy the data.


Here’s what we found:


175 attacks beginning just 8 hours after deployment



We left the data exposed from May 11, 2020 to May 22, 2020. During that time, 175 unauthorized requests were made. We broadly refer to these requests as “attacks”. Our honeypot averaged 18 attacks per day.


The first attack came on May 12, just 8 hours and 35 minutes after deployment.

