Experts On 5.8 Million RedDoorz User Records For Sale On Hacking Forum

By   ISBuzz Team
Writer , Information Security Buzz | Nov 11, 2020 02:33 am PST

After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. RedDoorz is a Singapore-based hotel management & booking platform with over 1,000 properties across Southeast Asia. 

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Chris Clements
November 11, 2020 10:37 am

The good news is that RedDoorz appears to have used a secure hashing algorithm, bcrypt, to secure user passwords in the stolen database. Secure hashing algorithms like bcrypt make it much harder for attackers to crack user passwords but they aren’t a silver bullet. Although it makes cracking passwords much slower, simple and short passwords can still be cracked relatively quickly.

The attackers have apparently stolen RedDoorz complete database which suggests that the most likely attack methods were insecure configuration or storage of the database, or a web attack such as SQL injection. Insecure configuration or storage can often happen if developers who aren’t familiar with security best practices inadvertently expose databases, especially in cloud services.

To protect themselves, organizations must adopt a culture of security to ensure that software development processes are tightly integrated with their security operations to encompass proper security protections are in place for not only the developer’s code, but also the underlying systems and applications that it runs on.

Last edited 3 years ago by Chris Clements

Recent Posts

Would love your thoughts, please comment.x