February 8, 2023

According to Sansec, approximately 12% of online stores fail to backup their public folders due to human error or negligence. As a result, online stores have exposed private backups in public folders, including internal account passwords, which can be used to take over e-commerce sites and extort owners.

Sansec said it examined 2,037 different stores and discovered 250 (12.3%) exposed ZIP, SQL, and TAR archives on public web folders that can be accessed without authentication. According to Sansec, these archives appear to be backups that contain database passwords, secret administrator URLs, internal API keys, and customer PII (personally identifiable information).

According to Sansec, its analysts see constant activity from attackers who launch automated scans in an attempt to locate these backups and perform breaches. Furthermore, the presence of multiple source IPs for these attacks indicates that threat actors are well aware of the existence of exposed backups and are attempting to exploit them.

If the exposed backups contain administrator credentials, master database passwords, or staff accounts, attackers can use them to gain access to the site and steal data or launch destructive attacks.

“Online criminals are actively scanning for these backups, as they contain passwords and other sensitive information,” reads the Sansec report “Exposed secrets have been used to gain control of stores, extort merchants and intercept customer payments.”

The sources for this piece include an article in BleepingComputer.