Experts On 5.8 Million RedDoorz User Records For Sale On Hacking Forum

After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. RedDoorz is a Singapore-based hotel management & booking platform with over 1,000 properties across Southeast Asia. 

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Chris Clements
Chris Clements , VP
InfoSec Expert
November 11, 2020 10:37 am

The good news is that RedDoorz appears to have used a secure hashing algorithm, bcrypt, to secure user passwords in the stolen database. Secure hashing algorithms like bcrypt make it much harder for attackers to crack user passwords but they aren’t a silver bullet. Although it makes cracking passwords much slower, simple and short passwords can still be cracked relatively quickly.

The attackers have apparently stolen RedDoorz complete database which suggests that the most likely attack methods were insecure configuration or storage of the database, or a web attack such as SQL injection. Insecure configuration or storage can often happen if developers who aren’t familiar with security best practices inadvertently expose databases, especially in cloud services.

To protect themselves, organizations must adopt a culture of security to ensure that software development processes are tightly integrated with their security operations to encompass proper security protections are in place for not only the developer’s code, but also the underlying systems and applications that it runs on.

Last edited 1 year ago by Chris Clements
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x