Attackers are searching for online store backups in public folders. Can they find yours?
Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look.

“Exposed secrets have been used to gain control of stores, extort merchants and intercept customer payments,” say Sansec threat researchers.
Searching for exposed backups

The researchers have analyzed 2037 online stores of various sizes and running on various e-commerce platforms and found that 250 of them (12%) stored archive files in the public web folder, accessible to all.

“We collaborated with some of our largest hosting partners, so I ... https://www.helpnetsecurity.com/2023/02/07/online-store-backups-public/
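
A defender-side check for the exposure described above, added here as an example and not taken from the article or from Sansec: it walks a web document root and flags files that look like archives or database dumps, by extension and by magic bytes. The extension list, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
import zipfile

# Assumed list of extensions commonly used for archives and database dumps.
SUSPECT_EXT = (".zip", ".tar", ".tar.gz", ".tgz", ".gz", ".bz2", ".7z",
               ".rar", ".sql", ".bak", ".dump")
# Magic bytes catch archives that were renamed to an innocuous extension.
MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip", b"BZh": "bzip2",
         b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}

def classify(path):
    """Return a reason string if the file looks like a backup, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable file: skipped, not flagged
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return "content:" + kind
    if os.path.basename(path).lower().endswith(SUSPECT_EXT):
        return "extension"
    return None

def audit_webroot(webroot):
    """Walk webroot and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, webroot), reason))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree: a zip renamed to .txt, an SQL dump, a page."""
    root = tempfile.mkdtemp()
    with zipfile.ZipFile(os.path.join(root, "notes.txt"), "w") as zf:
        zf.writestr("db.sql", "-- constructed sample")
    os.mkdir(os.path.join(root, "backup"))
    with open(os.path.join(root, "backup", "store.sql"), "w") as fh:
        fh.write("-- constructed sample dump\n")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html></html>")
    return root

if __name__ == "__main__":
    for rel, reason in audit_webroot(build_sample_webroot()):
        print(f"{reason:14} {rel}")
```

Office documents and `.jar` files are ZIP containers and pre-compressed `.gz` static assets are legitimate, so findings need a manual look before anything is moved out of the web root.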

Comments

  • Nothing new. Anyone who keeps an eye on their server logs knows what the baddies are looking for.

  • jar (Patron Provider, Top Host, Veteran)

    Not fair. Why should I have to keep my backups private when I never linked anyone to them?

  • @jar said:
    Not fair. Why should I have to keep my backups private when I never linked anyone to them?

    Oh, life/God decided to let this be just to annoy you

    Thanked by 1: jar
  • I read the main article. The main source is an eCommerce website scanner seller. They said they never downloaded the files to see what is inside them. My guess is 90 percent of those files are just archive/sql files that you upload to a host to create your shop (Initial installation archive/sql files).

    They don't mention how popular the websites are so again I can guess many of these are abandoned or newly generated shops.

    And in the end I should mention that most eCommerce websites (like local stores that occasionally have online sales) don't even create a backup, so nothing to worry about!
