Over 12% of analyzed online stores expose private data, backups
2023-02-07 18:45

Many online stores are exposing private backups in public folders, including internal account passwords, which can be leveraged to take over the e-commerce sites and extort owners.

According to a study by website security company Sansec, roughly 12% of online stores forget their backups in public folders due to human error or negligence.

The archives appear to be backups containing database passwords, secret administrator URLs, internal API keys, and customer PII. In the same report, Sansec explains that its analysts observe constant activity from attackers who launch automated scans to pinpoint these backups and breach the stores.

If the exposed backups contain administrator details, master database passwords, or staff accounts, the attackers can use them to gain access to the site and steal data or perform destructive attacks.

Sansec urges website owners to routinely check their sites for accidentally exposed data and backups.

If you have exposed a website backup publicly, immediately reset admin accounts and database passwords, and enable 2FA on all staff accounts.
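
One way to run that routine check on your own server, as an added example that is not from the article or from Sansec: walk the store's document root and flag files that look like archives or database dumps, by name and by file signature. The suffix list, the function names and the sample files are assumptions made for illustration.

```python
import os
import tempfile

# Assumed list (not from the Sansec report): suffixes commonly used for archives and dumps.
BACKUP_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".gz", ".bz2", ".7z",
                   ".rar", ".sql", ".bak", ".dump")
# File signatures catch archives that were renamed, e.g. a gzip saved as "old.txt".
MAGIC = {b"\x1f\x8b": "gzip", b"PK\x03\x04": "zip",
         b"7z\xbc\xaf\x27\x1c": "7z", b"BZh": "bzip2"}

def classify(path):
    """Return a reason string if the file looks like a backup, else None."""
    if os.path.basename(path).lower().endswith(BACKUP_SUFFIXES):
        return "suffix"
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable file: skipped here, review separately
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return "magic:" + kind
    return None

def find_exposed_backups(docroot):
    """Walk the web root; return sorted (relative path, reason, size) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reason = classify(full)
            if reason:
                rel = os.path.relpath(full, docroot)
                findings.append((rel, reason, os.path.getsize(full)))
    return sorted(findings)

def demo():
    """Scan a constructed sample web root (all file contents are made up)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "media"))
        samples = {"index.php": b"<?php echo 'shop'; ?>",
                   "backup.sql": b"-- constructed dump\n",
                   os.path.join("media", "old.txt"): b"\x1f\x8b\x08\x00constructed"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return find_exposed_backups(root)

if __name__ == "__main__":
    for rel, reason, size in demo():
        print(f"{rel}\t{reason}\t{size} bytes")
```

Point `find_exposed_backups()` at the real document root; legitimate downloads or pre-compressed static assets will also be listed, so each finding needs a manual review before it is moved out of the public folder.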


News URL

https://www.bleepingcomputer.com/news/security/over-12-percent-of-analyzed-online-stores-expose-private-data-backups/