BACKGROUND:
DreamHost, one of the largest website hosting providers, has leaked 814 million records online including customer data. Researched and reported by independent cyber security researcher Jeremiah Fowler as well as Website Planet, the team discovered a non-password protected database that contained just under 1 billion records. The exposed records revealed usernames, display names, and emails for WordPress accounts. An expert with Blue Hexagon offers perspective.
<p>Misconfigurations continue to be a significant source of breaches both in the public cloud and private data centers. One key element of this breach is how it revealed the software stacks of the affected users and would allow the attackers to not just sell the data they stole but perform follow-on phishing or vishing attacks on those users based on this knowledge or even triangulate the hosted websites of those users and attempt to exploit them based in the software versions revealed in this breach.</p> <p> </p> <p>Breaches are becoming a chain with each piece of stolen data enriching information and techniques that attackers can use to further their aim. Each data breach adds to the knowledge graph of victims an attacker has, to allow them to choose the next easiest or most profitable step to take.</p>