A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week. According to data from The World Bank, Thailand racked up almost 40 million international arrivals in 2019, a number that was on the rise every year pre-pandemic except for 2014, the year the country experienced a military coup.
One of the symptoms of this rampant and global technological epidemic are the vulnerabilities that exist in internal databases globally - those that often store an organization's most sensitive data. Despite the increasing adoption of cloud infrastructure and database environments, it's estimated that 50% of data is stored on-premises.
A report released Tuesday by cybersecurity firm Imperva Research Labs examines why databases are vulnerable and offers advice on how to better protect your data from falling into the wrong hands. Based on analysis covering 27,000 on-premises databases around the world, Imperva found that one out of every two databases contains as least one vulnerability.
46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities.
Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws. A five-year longitudinal study found that nearly one out of every two on-premises databases globally - 46 percent - is vulnerable to attack, given that it has at least one unpatched vulnerability.
After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet. The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.
This article can help you quantify the level of security of your databases on a scale of 1 to 10. Rating 2 is for databases where both the database and operating system are configured by following industry standards and best practices.
McDonald's UK Monopoly VIP game kicked off at the end of August, and a recent round of emails sent to winners of the game's various prizes included more than a coupon for free fries. The franchise accidentally inserted passwords for a McDonald's server that hosted information tied to the UK Monopoly VIP game.
McDonald's customers who won a prize draw competition got more than they hoped for after the burger chain emailed them login credentials for development and production databases used to power the campaign. The first person to report the blunder to McDonald's, startup founder Connor Greig, told The Register: "It's a bit weird," adding that code strings containing the credentials looked as if they had "Been formatted into the email by accident."
A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners. After skipping a year due to COVID-19, McDonald's UK launched their popular Monopoly VIP game on August 25th, where customers can enter codes found on purchase food items for a chance to win a prize.