Security News > 2022 > April > Number of publicly exposed database instances hits new record
Security researchers have noticed an increase in the number of exposed databases, with 308,000 identified in 2021.
In the first quarter of 2022, the amount of exposed databases peaked to 91,200 instances, researchers at threat intelligence and research company Group-IB say in a report shared with BleepingComputer.
Tim Bobak, Attack Surface Management Product Lead at Group-IB, told BleepingComputer that the company's solution is limited to checking if the database is exposed or not and it does not have any capability to collect or analyze the content of a database.
When it comes to the database management system used in the exposed instances, most of them are Redis, with almost double the number of the runner-up in Q1 2022, MongoDB. Elastic accounts for a smaller portion that is still in the tens of thousands, while MySQL recorded the fewest instances detected by Group-IB. These management systems have taken measures to alert admins when they configure instances for public access without a password but the problem persists.
Database security can be ensured if admins follow specific key steps when setting up instances and after maintenance sessions.
Ensure that the database isn't publicly exposed if it doesn't need to be.